BGP Conditional Routing Advertise Map

 

image

R1 configuration

interface Loopback0
ip address 1.1.0.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.13.1 255.255.255.0
duplex auto
speed auto
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.0.0 mask 255.255.255.0
network 1.1.1.0 mask 255.255.255.0
network 10.1.13.0 mask 255.255.255.0
neighbor 10.1.12.2 remote-as 100
neighbor 10.1.13.3 remote-as 300
no auto-summary

R2 configuration

interface FastEthernet0/1
 ip address 10.1.12.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.12.1 remote-as 100
 no auto-summary

R3 configuration

interface Loopback0
 ip address 3.3.0.3 255.255.255.0
interface Loopback1
 ip address 3.3.1.3 255.255.255.0
interface FastEthernet0/1
 ip address 10.1.13.3 255.255.255.0
 duplex auto
 speed auto
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 3.3.0.0 mask 255.255.255.0
 network 3.3.1.0 mask 255.255.255.0
 neighbor 10.1.13.1 remote-as 100
 no auto-summary

Using advertise map configure R1 to advertise 1.1.0.0/24 prefix only if 3.3.0.0/24

exists in R1 BGP table

To achieve this we will use Advertise map with exist map

The advertise map matches the prefix that we wan to advertise incase the condition is met in the exist map (route exist in the BGP table)

let’s see the configuration on R1

ip prefix-list R1_ADV seq 5 permit 1.1.0.0/24
!
ip prefix-list R3_EXIST seq 5 permit 3.3.0.0/24
!
route-map ADVERTISE permit 10
 match ip address prefix-list R1_ADV
!
route-map EXIST permit 10
 match ip address prefix-list R3_EXIST

router bgp 100
neighbor 10.1.12.2 advertise-map ADVERTISE  exist-map EXIST

let’s see the BGP table on R2 before we shut down lo0 on R3

R2(config-if)#do sh ip bgp
BGP table version is 6, local router ID is 2.2.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.0.0/24       10.1.12.1                0    100      0 i
*>i1.1.1.0/24       10.1.12.1                0    100      0 i
*>i3.3.0.0/24       10.1.13.3                0    100      0 300 i
*>i3.3.1.0/24       10.1.13.3                0    100      0 300 i
*>i10.1.13.0/24     10.1.12.1                0    100      0 i

we can see that 1.1.0.0/24 and 3.3.0.0/24 exist in R2 BGP table

now let’s shut down lo0 on R3 and see the BGP on R2

R2(config-if)#do sh ip bgp
BGP table version is 4, local router ID is 2.2.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       10.1.12.1                0    100      0 i
*>i3.3.1.0/24       10.1.13.3                0    100      0 300 i
*>i10.1.13.0/24     10.1.12.1                0    100      0 i

we can see that R2 is not receiving the prefix 1.1.0.0/24 as expected

also we can check that on R1

R1(config-router)#do sh ip bgp ne 10.1.12.2 | b Outbound 
                                                             Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    advertise-map:                                1        n/a
    Total:                                                    1          0

Now let’s try the opposite, so we will advertise 1.1.0.0/24 only 3.3.0.0 doesn’t exist

route-map NON_EXIST permit 10
 match ip address prefix-list R3_ADV
router bgp 100
neighbor 10.1.12.2 advertise-map ADVERTISE no-exist-map NON_EXIST

No let’s check the BGP on R2 when lo0 is up on R3

R2(config-if)#do sh ip bgp
BGP table version is 13, local router ID is 2.2.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i3.3.0.0/24       10.1.13.3                0    100      0 300 i
*>i3.3.1.0/24       10.1.13.3                0    100      0 300 i

as we can see we don’t receive 1.1.0.0/24 on R2 because R1 has 3.3.0.0/24 prefix from R3

now let’s shutdown lo0 on R3 and see the changes on R2

R2(config-if)#do sh ip bgp
BGP table version is 24, local router ID is 2.2.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.0.0/24       10.1.12.1                0    100      0 i
*>i1.1.1.0/24       10.1.12.1                0    100      0 i
* i3.3.1.0/24       10.1.13.3                0    100      0 300 i
*>i10.1.13.0/24     10.1.12.1                0    100      0 i

As we can see on R2 when R1 doesn’t have 3.3.0.0/24 we start receiving 1.1.0.0/24

R1(config-router)#do sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.0.0/24       0.0.0.0                  0         32768 i
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*> 3.3.1.0/24       10.1.13.3                0             0 300 i
*> 10.1.13.0/24     0.0.0.0                  0         32768 i

Comments

Post a Comment

Popular posts from this blog

IPv6 EIGRP

Image
In this post we will try to configure IPv6 EIGRP see the different options for the protocol and how these options are almost identical to the IPv4 version of EIGRP configuration R1 ipv6 unicast-routing interface lo0 ipv6 address 2001:1:1::1/64 interface FastEthernet0/0   ipv6 address FE80::1 link-local   ipv6 address FC00:1:12::1/64 ! interface FastEthernet0/1   ipv6 address FE80::1 link-local   ipv6 address FC00:1:13::1/64 !          R2 ipv6 unicast-routing interface lo0 ipv6 address 2001:2:2::2/64 interface FastEthernet0/0   ipv6 address FE80::2 link-local   ipv6 address FC00:1:12::2/64 ! interface FastEthernet0/1   ipv6 address FE80::2 link-local   ipv6 address FC00:1:23::2/64 R3 ipv6 unicast-routing interface lo0 ipv6 address 2001:3:3::3/64 interface lo1 ipv6 address 2001:3:4::3/64 interface lo2 ipv6 address 2001:3:5::3/64 interface FastEthernet0/0   ipv6 address FE80::3 link-...
Read more

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to...
Read more

Private VLANS and protected ports

Image
In this post we will try to learn two layer 2 technologies, private vlans and protected ports Private vlans is used to segregate the layer 2 domain within the same vlan so we don’t waste any IP addresses, think about as sub-vlans within the same vlan that share the same layer 3 address. These sub-vlans can be of two kinds                      1- Community 2- Isolated The difference between community and isolated sub-vlans that hosts within community vlan can communicate together however hosts within isolated vlans con’t communicate to each others, also note that hosts from different community vlans can’t communicate/isolated vlans can’t communicate together. The question is how these hosts in community/isolated vlans communicate to the outside world, and the answer is they communicate through the promiscuous port which is part of parent vlan but this port is allowed to communicat...
Read more