Tasks
1. Prefix 10.0.0.0/24 generated by R1 should not leak out beyond AS234.
2. R2 generates an aggregated prefix that covers the prefixes from AS1 and AS234.
3. The aggregated prefix should carry all the AS path information.
4. 10.0.1.0/24 to 10.0.3.0/24 need to be suppressed globally on R2.
5. But the 10.0.3.0/24 prefix should still be sent out to R4 and subsequently to R6.
6. R2 will conditionally inject the host route 10.0.1.12/32 as long as R2 receives 10.0.1.0/24 from R1.
7. Since AS1 requests that traffic coming to 10.0.1.12 be black-holed, R2 will drop it into Null0.
8. To keep the host route 10.0.1.12 from leaking out to AS5 and AS6, R2 tags it with community value 234:234, so that R3 and R4 treat any route tagged with 234:234 as not to be advertised to other ASs.
Configuration
R1
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface Loopback1
ip address 10.0.1.1 255.255.255.0
!
interface Loopback2
ip address 10.0.2.1 255.255.255.0
!
interface Loopback3
ip address 10.0.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
redistribute connected route-map LOOPBACKS
neighbor 192.168.12.2 remote-as 234
neighbor 192.168.12.2 send-community
neighbor 192.168.12.2 route-map NO-EXPORT out
no auto-summary
!
ip prefix-list LOOPBACKS seq 5 permit 10.0.0.0/22 le 24
!
ip prefix-list NET0 seq 5 permit 10.0.0.0/24
!
route-map NO-EXPORT permit 10
match ip address prefix-list NET0
set community no-export
!
route-map NO-EXPORT permit 100
!
route-map LOOPBACKS permit 10
match ip address prefix-list LOOPBACKS
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback4
ip address 10.0.4.2 255.255.255.0
!
interface Loopback5
ip address 10.0.5.2 255.255.255.0
!
interface Loopback6
ip address 10.0.6.2 255.255.255.0
!
interface Loopback7
ip address 10.0.7.2 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.24.2 255.255.255.0
ip router isis
duplex auto
speed auto
!
router isis
net 49.0000.0000.0002.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
bgp inject-map INJECT exist-map EXIST
aggregate-address 10.0.0.0 255.255.248.0 as-set advertise-map ADV suppress-map SUP
redistribute connected route-map LOOPBACKS
neighbor 3.3.3.3 remote-as 234
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
neighbor 3.3.3.3 next-hop-self
neighbor 3.3.3.3 send-community
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 next-hop-self
neighbor 4.4.4.4 send-community
neighbor 4.4.4.4 unsuppress-map UNSUP
neighbor 192.168.12.1 remote-as 1
no auto-summary
!
ip forward-protocol nd
ip route 10.0.1.12 255.255.255.255 Null0
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
ip prefix-list HOST seq 5 permit 0.0.0.0/0 ge 32
!
ip prefix-list INJECT seq 5 permit 10.0.1.12/32
!
ip prefix-list LOOPBACKS seq 5 permit 10.0.4.0/22 le 24
!
ip prefix-list NET0 seq 5 permit 10.0.0.0/24
!
ip prefix-list NET1 seq 5 permit 10.0.1.0/24
!
ip prefix-list NET3 seq 5 permit 10.0.3.0/24
!
ip prefix-list R1 seq 5 permit 192.168.12.1/32
!
ip prefix-list R1LOOPBACKS seq 5 permit 10.0.1.0/24
ip prefix-list R1LOOPBACKS seq 10 permit 10.0.2.0/23 le 24
!
route-map INJECT permit 10
set ip address prefix-list INJECT
set community 234:234
!
route-map LOOPBACKS permit 10
match ip address prefix-list LOOPBACKS
!
route-map UNSUP permit 10
match ip address prefix-list NET3
!
route-map ADV deny 10
match ip address prefix-list NET0
!
route-map ADV deny 20
match ip address prefix-list HOST
!
route-map ADV deny 30
match community 234:234
!
route-map ADV permit 100
!
route-map EXIST permit 10
match ip address prefix-list NET1
match ip route-source prefix-list R1
!
route-map SUP permit 10
match ip address prefix-list R1LOOPBACKS
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.35.3 255.255.255.0
duplex auto
speed auto
!
router isis
net 49.0000.0000.0003.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 192.168.35.5 remote-as 5
neighbor 192.168.35.5 route-map OUTBOUND out
no auto-summary
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
route-map OUTBOUND deny 10
match community 234:234
!
route-map OUTBOUND permit 100
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.24.4 255.255.255.0
ip router isis
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.46.4 255.255.255.0
duplex auto
speed auto
!
router isis
net 49.0000.0000.0004.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 192.168.46.6 remote-as 6
neighbor 192.168.46.6 route-map OUTBOUND out
no auto-summary
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
route-map OUTBOUND deny 10
match community 234:234
!
route-map OUTBOUND permit 100
R5
interface FastEthernet0/0
ip address 192.168.35.5 255.255.255.0
!
router bgp 5
no synchronization
bgp log-neighbor-changes
neighbor 192.168.35.3 remote-as 234
no auto-summary
R6
interface FastEthernet0/0
ip address 192.168.46.6 255.255.255.0
!
router bgp 6
no synchronization
bgp log-neighbor-changes
neighbor 192.168.46.4 remote-as 234
no auto-summary
Verification
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 192.168.12.1 0 0 1 ?
*> 10.0.0.0/21 0.0.0.0 100 32768 1 ?
s> 10.0.1.0/24 192.168.12.1 0 0 1 ?
r> 10.0.1.12/32 192.168.12.1 0 ?
s> 10.0.2.0/24 192.168.12.1 0 0 1 ?
s> 10.0.3.0/24 192.168.12.1 0 0 1 ?
*> 10.0.4.0/24 0.0.0.0 0 32768 ?
*> 10.0.5.0/24 0.0.0.0 0 32768 ?
*> 10.0.6.0/24 0.0.0.0 0 32768 ?
*> 10.0.7.0/24 0.0.0.0 0 32768 ?
R3#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.0.0/21 2.2.2.2 0 100 0 1 ?
*>i10.0.1.12/32 2.2.2.2 0 100 0 ?
*>i10.0.4.0/24 2.2.2.2 0 100 0 ?
*>i10.0.5.0/24 2.2.2.2 0 100 0 ?
*>i10.0.6.0/24 2.2.2.2 0 100 0 ?
*>i10.0.7.0/24 2.2.2.2 0 100 0 ?
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.0.0/21 2.2.2.2 0 100 0 1 ?
*>i10.0.1.12/32 2.2.2.2 0 100 0 ?
*>i10.0.3.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.4.0/24 2.2.2.2 0 100 0 ?
*>i10.0.5.0/24 2.2.2.2 0 100 0 ?
*>i10.0.6.0/24 2.2.2.2 0 100 0 ?
*>i10.0.7.0/24 2.2.2.2 0 100 0 ?
R5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/21 192.168.35.3 0 234 1 ?
*> 10.0.4.0/24 192.168.35.3 0 234 ?
*> 10.0.5.0/24 192.168.35.3 0 234 ?
*> 10.0.6.0/24 192.168.35.3 0 234 ?
*> 10.0.7.0/24 192.168.35.3 0 234 ?
R6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/21 192.168.46.4 0 234 1 ?
*> 10.0.3.0/24 192.168.46.4 0 234 1 ?
*> 10.0.4.0/24 192.168.46.4 0 234 ?
*> 10.0.5.0/24 192.168.46.4 0 234 ?
*> 10.0.6.0/24 192.168.46.4 0 234 ?
*> 10.0.7.0/24 192.168.46.4 0 234 ?
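The R5 and R6 tables above can be checked against tasks 1 to 5 and 8 with a short script. This is an added example, not part of the original lab; the constant and function names are its own, and the row pattern assumes the eBGP row shape shown above (status, prefix, next hop, weight, AS path, origin).

```python
import ipaddress
import re

# 'show ip bgp' rows for the external peers, copied from the Verification output.
TABLES = {
    "R5": """*> 10.0.0.0/21 192.168.35.3 0 234 1 ?
*> 10.0.4.0/24 192.168.35.3 0 234 ?
*> 10.0.5.0/24 192.168.35.3 0 234 ?
*> 10.0.6.0/24 192.168.35.3 0 234 ?
*> 10.0.7.0/24 192.168.35.3 0 234 ?""",
    "R6": """*> 10.0.0.0/21 192.168.46.4 0 234 1 ?
*> 10.0.3.0/24 192.168.46.4 0 234 1 ?
*> 10.0.4.0/24 192.168.46.4 0 234 ?
*> 10.0.5.0/24 192.168.46.4 0 234 ?
*> 10.0.6.0/24 192.168.46.4 0 234 ?
*> 10.0.7.0/24 192.168.46.4 0 234 ?""",
}
net = ipaddress.ip_network
AGGREGATE = net("10.0.0.0/21")                           # tasks 2-3
NO_EXPORT = net("10.0.0.0/24")                           # task 1
SUPPRESSED = {net(f"10.0.{i}.0/24") for i in (1, 2, 3)}  # task 4
UNSUPPRESSED = {"R6": {net("10.0.3.0/24")}}              # task 5, via R4
BLACKHOLE = net("10.0.1.12/32")                          # tasks 6-8
# Assumed row shape: status, prefix/len, next hop, weight, AS path, origin code.
ROW = re.compile(r"^\D*(\d+(?:\.\d+){3}/\d+)\s+\S+\s+\d+\s+(.*?)\s*[ie?]$")

def parse(table):
    """Map each prefix in the table to its AS path as a list of AS numbers."""
    rows = (ROW.match(line.strip()) for line in table.splitlines())
    return {net(m.group(1)): m.group(2).split() for m in rows if m}

def audit(router, table):
    """Return (prefix, reason) findings for one external peer's BGP table."""
    seen, allowed, out = parse(table), UNSUPPRESSED.get(router, set()), []
    for p in sorted(seen):
        if p == NO_EXPORT:
            out.append((str(p), "no-export prefix left AS234 (task 1)"))
        elif p == BLACKHOLE:
            out.append((str(p), "black-hole host route leaked (task 8)"))
        elif p in SUPPRESSED and p not in allowed:
            out.append((str(p), "suppressed prefix leaked (task 4)"))
    if "1" not in seen.get(AGGREGATE, []):
        out.append((str(AGGREGATE), "aggregate missing or lost AS1 (tasks 2-3)"))
    out += [(str(p), "unsuppressed prefix missing (task 5)") for p in allowed - set(seen)]
    return out

if __name__ == "__main__":
    for name, table in TABLES.items():
        print(name, audit(name, table) or "policy holds")
```

An empty list for both peers means the no-export prefix, the black-hole host route and the suppressed more-specifics stayed inside AS234, while 10.0.3.0/24 reached R6 only.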
GNS File : http://www.4shared.com/rar/0a9U6KXC/BGP_Routes_Aggregation_Suppres.html