Archive for the ‘foundry configuration’ Category

BGP Configuration: Basic example in Cisco IOS

Tuesday, September 23rd, 2008

A lot of people are looking for bgp configuration information for cisco and foundry, so I’ll explain a bit about the different statements and also post a couple of configuration examples.

Cisco

01: ip route 10.0.0.0 255.0.0.0 null 0
02: router bgp 65000
03: network 10.0.0.0 mask 255.0.0.0
04: neighbor 192.168.0.1 remote-as 65001

  1. Line 01 adds a route to 10.0.0.0/8 to null, this will make BGP announce this prefix as it will per default on cisco not announce networks it does not reach.
  2. Line 02 starts a BGP process with a local AS number of 65000.
  3. Line 03 adds the network 10.0.0.0/8 to the local BGP table, the router will now announce this network into BGP.
  4. Line 04 sets up a peering session with 192.168.0.1 with their AS number defined as 65001.

Security issues in peering
I wrote a rant about this in August when the news papers put up their big posters about the Internet dying (again.) 😉
Peering sessions should have a password and it might also be wise to filter the outbound announcements with a prefix-list, to make sure not to announce full transit to every peering partner.
Also, you do not want this to happen to you either, so you should at least configure a maximum prefix count.

Cisco, more BGP configuration statements (beginning in global config)

ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
router bgp 65000
neighbor 192.168.0.1 password oursecret
neighbor 192.168.0.1 prefix-list AS65000 out
neighbor 192.168.0.1 maximum-prefix 5

The first two lines will define a prefix list which will match only 10.0.0.0/8
The third line enters BGP configuration while the fourth line sets a password, the same password has to be configured on the other end (for AS65000 on the remote peer) for the peering session to become active.
Line number 5 will apply a prefix-list and the last line will make the router accept NO MORE than 5 prefixes from this peering partner.

Foundry BGP Configuration
This is mostly the same, but the dry basics is as follows:

ip route 10.0.0.0/8 null0
router bgp
local-as 65000
neighbor 192.168.0.1 remote-as 65001
network 10.0.0.0 255.0.0.0

And the filtering BGP4 statements for Foundry

ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
router bgp
neighbor 192.168.0.1 password oursecret
neighbor 192.168.0.1 prefix-list AS65000 out
neighbor 192.168.0.1 maximum-prefix 5

So as you can see, the BGP configuration is mostly the same for both routers, so lets focus our attention to more BGP configurations on Cisco IOS.

BGP Peering From a Loopback Interface
Per default routers always use the IP address on interface directly connected to the peer as the source address for the peering session. Sometimes this is prefered configurable, for example not to drop peerings due to hardware failure, or when doing eBGP multihop peering.

This is very configurable in BGP configuration in Cisco IOS

neighbor 192.168.0.1 update-source Loopback0

Verification
At last, we need to verify the peering session. I usually use this command:

show ip bgp sum | i REMOTEAS

Substitute ‘REMOTEAS’ with the AS number of which you want to check, for example it will show this for AS65001 from our lab. (I will include the header also because it is usefull in this example, even though it won’t show up in your show command.)

Router#sh ip bgp sum | i 65001
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.1 4 65001 28 27 3 0 0 00:24:15 2

This session is now established and I receive two prefixes from the remote peer.
If you enable ‘neighbor 192.168.0.1 soft-reconfiguration inbound‘ you will also be able to check announcements.

Router#show ip bgp neighbors 192.168.0.1 routes
BGP table version is 3, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 192.168.0.1 0 0 65001 ?
*> 192.168.0.0 192.168.0.1 0 0 65001 ?

Total number of prefixes 2

Two prefixes received from 192.168.0.1, and you can also use the command show ip bgp neighbors 192.168.0.1 advertised-routes to check what your router is announcing to the remote peer.

That was it for today, hopefully the newer ones out there will have a better understanding of the BGP configuration.