Posts Tagged ‘foundry’

BGP Configuration: Basic example in Cisco IOS

Tuesday, September 23rd, 2008

A lot of people are looking for bgp configuration information for cisco and foundry, so I’ll explain a bit about the different statements and also post a couple of configuration examples.

Cisco

01: ip route 10.0.0.0 255.0.0.0 null 0
02: router bgp 65000
03: network 10.0.0.0 mask 255.0.0.0
04: neighbor 192.168.0.1 remote-as 65001

  1. Line 01 adds a static route for 10.0.0.0/8 to the null interface. By default a Cisco router will not announce a network it does not reach, so this route is what makes BGP announce the prefix.
  2. Line 02 starts a BGP process with a local AS number of 65000.
  3. Line 03 adds the network 10.0.0.0/8 to the local BGP table; the router will now announce this network into BGP.
  4. Line 04 sets up a peering session with 192.168.0.1, with their AS number defined as 65001.

Security issues in peering
I wrote a rant about this in August when the newspapers put up their big posters about the Internet dying (again). 😉
Peering sessions should have a password, and it is also wise to filter the outbound announcements with a prefix-list, to make sure you do not announce full transit to every peering partner.
Also, you do not want this to happen to you either, so you should at least configure a maximum prefix count.

Cisco, more BGP configuration statements (beginning in global config)

ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
router bgp 65000
neighbor 192.168.0.1 password oursecret
neighbor 192.168.0.1 prefix-list AS65000 out
neighbor 192.168.0.1 maximum-prefix 5

The first two lines define a prefix list which will match only 10.0.0.0/8.
The third line enters BGP configuration, while the fourth line sets a password. The same password has to be configured on the other end (for AS65000 on the remote peer) for the peering session to become active.
Line number 5 applies the prefix-list to outbound announcements, and the last line makes the router accept NO MORE than 5 prefixes from this peering partner.
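To see why that list matches only 10.0.0.0/8 and nothing more specific, here is a small evaluator for prefix-list entries. It is an added example, not code from the original post or from any router vendor; the function names are made up for illustration, the candidate prefixes are constructed, and the auto-numbering of entries without `seq` follows Cisco IOS behaviour.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    name, rest = tok[2], tok[3:]
    seq = None
    if rest[0] == "seq":
        seq, rest = int(rest[1]), rest[2:]
    action, net = rest[0], ipaddress.ip_network(rest[1])
    opts = dict(zip(rest[2::2], map(int, rest[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact length only. ge alone: ge..32. le alone: entry length..le.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return {"name": name, "seq": seq, "action": action, "net": net, "lo": lo, "hi": hi}

def load(config):
    """Collect prefix-list entries from config text (one list assumed)."""
    entries = []
    for line in config.splitlines():
        if line.strip().startswith("ip prefix-list"):
            e = parse_entry(line)
            if e["seq"] is None:  # IOS auto-numbers unnumbered entries in steps of 5
                e["seq"] = max((x["seq"] for x in entries), default=0) + 5
            entries.append(e)
    return entries

def evaluate(entries, prefix):
    """First matching entry in sequence order decides; no match is an implicit deny."""
    p = ipaddress.ip_network(prefix)
    for e in sorted(entries, key=lambda e: e["seq"]):
        if p.subnet_of(e["net"]) and e["lo"] <= p.prefixlen <= e["hi"]:
            return e["action"], e["seq"]
    return "deny", None

# The prefix-list from the post, plus constructed candidate announcements.
PAGE_LIST = """\
ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
"""
CANDIDATES = ["10.0.0.0/8", "10.1.0.0/16", "192.168.0.0/16", "0.0.0.0/0"]

def outbound(config, prefixes):
    entries = load(config)
    return {p: evaluate(entries, p) for p in prefixes}

if __name__ == "__main__":
    for prefix, (action, seq) in outbound(PAGE_LIST, CANDIDATES).items():
        print(f"{prefix:18} {action:6} (seq {seq})")
```

Only the exact /8 is permitted by seq 5; the more specific 10.1.0.0/16 falls through to the deny at seq 1000, which is what keeps a leaked more-specific or a full table from going out to the peer.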

Foundry BGP Configuration
This is mostly the same, but the dry basics are as follows:

ip route 10.0.0.0/8 null0
router bgp
local-as 65000
neighbor 192.168.0.1 remote-as 65001
network 10.0.0.0 255.0.0.0

And the filtering BGP4 statements for Foundry

ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
router bgp
neighbor 192.168.0.1 password oursecret
neighbor 192.168.0.1 prefix-list AS65000 out
neighbor 192.168.0.1 maximum-prefix 5

So as you can see, the BGP configuration is mostly the same for both routers, so let's focus our attention on more BGP configurations on Cisco IOS.
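The three peering safeguards above (password, outbound prefix-list, maximum-prefix) are easy to forget on one neighbor out of many, so here is a small audit that reports which of them each neighbor lacks. It is an added example, not part of the original post: `audit_bgp` and the sample names are hypothetical, and the sample configs are constructed from the statements shown on this page.

```python
import re

# Controls recommended in the post, matched against the text after 'neighbor <ip> '.
REQUIRED = {
    "password": re.compile(r"password\s+\S+"),
    "outbound prefix-list": re.compile(r"prefix-list\s+\S+\s+out\b"),
    "maximum-prefix": re.compile(r"maximum-prefix\s+\d+"),
}

def audit_bgp(config):
    """Return {neighbor_ip: [missing controls]} for neighbors under 'router bgp'."""
    stmts, in_bgp = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("router "):
            # Cisco IOS puts the ASN on this line, Foundry uses 'local-as' instead.
            in_bgp = re.fullmatch(r"router bgp(\s+\d+)?", line) is not None
            continue
        m = re.match(r"neighbor\s+(\S+)\s+(.+)", line)
        if in_bgp and m:
            stmts.setdefault(m.group(1), []).append(m.group(2))
    return {
        ip: [name for name, rx in REQUIRED.items()
             if not any(rx.match(s) for s in lines)]
        for ip, lines in stmts.items()
    }

# Constructed sample: the basic Cisco example, with no safeguards at all.
BASIC_IOS = """\
ip route 10.0.0.0 255.0.0.0 null 0
router bgp 65000
network 10.0.0.0 mask 255.0.0.0
neighbor 192.168.0.1 remote-as 65001
"""

# Constructed sample: the Foundry basics combined with the filtering statements.
FILTERED_FOUNDRY = """\
ip prefix-list AS65000 seq 5 permit 10.0.0.0/8
ip prefix-list AS65000 seq 1000 deny 0.0.0.0/0 le 32
router bgp
local-as 65000
neighbor 192.168.0.1 remote-as 65001
neighbor 192.168.0.1 password oursecret
neighbor 192.168.0.1 prefix-list AS65000 out
neighbor 192.168.0.1 maximum-prefix 5
"""

if __name__ == "__main__":
    for label, cfg in (("basic", BASIC_IOS), ("filtered", FILTERED_FOUNDRY)):
        for ip, missing in audit_bgp(cfg).items():
            print(label, ip, "missing:", ", ".join(missing) or "nothing")
```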

BGP Peering From a Loopback Interface
By default, routers always use the IP address on the interface directly connected to the peer as the source address for the peering session. Sometimes it is preferable to configure this explicitly, for example so that peerings are not dropped due to hardware failure, or when doing eBGP multihop peering.

This is easily configured in the BGP configuration in Cisco IOS:

neighbor 192.168.0.1 update-source Loopback0

Verification
At last, we need to verify the peering session. I usually use this command:

show ip bgp sum | i REMOTEAS

Substitute ‘REMOTEAS’ with the AS number which you want to check; for example, it will show this for AS65001 from our lab. (I will include the header also because it is useful in this example, even though it won’t show up in your show command.)

Router#sh ip bgp sum | i 65001
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.1     4 65001      28      27        3    0    0 00:24:15        2

This session is now established and I receive two prefixes from the remote peer.
If you enable ‘neighbor 192.168.0.1 soft-reconfiguration inbound’ you will also be able to check announcements.

Router#show ip bgp neighbors 192.168.0.1 routes
BGP table version is 3, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         192.168.0.1              0             0 65001 ?
*> 192.168.0.0      192.168.0.1              0             0 65001 ?

Total number of prefixes 2

Two prefixes are received from 192.168.0.1. You can also use the command show ip bgp neighbors 192.168.0.1 advertised-routes to check what your router is announcing to the remote peer.

That was it for today, hopefully the newer ones out there will have a better understanding of the BGP configuration.

Routing – Understanding And Tweaking the CAM

Thursday, September 18th, 2008

If you don’t pay attention to the CAM, your network could face serious problems.

What is the CAM and Why is it important?
CAM is short for Content-Addressable Memory and is a type of memory for high-speed searching applications. Other names are associative memory or, when programming, associative arrays.

The CAM makes it possible to make routing decisions in hardware instead of bothering the CPU. Routes are placed in the CAM so that the linecard ASIC or FPGA hardware can look up which interface to send the packet out on somewhat directly from the memory. This decreases routing latency drastically and makes wirespeed performance possible.

Imagine how your router would perform without this now.

OK, Why is it important?
Because every router has a limited amount of physical memory, and this memory space has to contain IPv4 routes, IPv6 routes and everything you are doing (or want to do) in hardware.
This makes partitioning of this memory important.

You have different ways of doing this, but it mostly involves a reload of the router.

CAM Profiles
On Foundry routers it’s called CAM profiles, here are the basics:

The Internet routing table now has about 260K prefixes, so you should worry.

To check my CAM usage I use:

show cam-partition usage

On a Cisco 6500/7600 switch, you could use

show tcam details

When there is no more CAM space for a route, it will become unreachable.
So pay attention to your CAM/TCAM. :-)

Configuring BGP4 with filtering on Foundry NetIron

Thursday, September 4th, 2008

This is the environment in this example:
YOUR ASN is 65400
YOUR IP address is 10.0.0.1
Your UPSTREAMS ASN is 65500
Your UPSTREAMS IP address is 10.0.0.2

You want to announce 192.168.0.0/16. The router will automatically exchange all the routes that it holds in its BGP table, so it might be wise to shut down the peer while configuring it.

router# conf t
router(config)# ip prefix-list announceAS65400 permit 192.168.0.0/16
router(config)# router bgp
router(config-bgp)# local-as 65400
router(config-bgp)# neighbor 10.0.0.2 remote-as 65500
router(config-bgp)# neighbor 10.0.0.2 shutdown
router(config-bgp)# neighbor 10.0.0.2 prefix-list announceAS65400 out
router(config-bgp)# clear ip bgp neighbor 10.0.0.2
router(config-bgp)# no neighbor 10.0.0.2 shutdown