BGP Inject Map

image

R1 configuration

interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.13.1 255.255.255.0
 duplex auto
 speed auto
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 1.1.0.0 mask 255.255.255.0
 network 10.1.13.0 mask 255.255.255.0
 neighbor 10.1.12.2 remote-as 200
 neighbor 10.1.13.3 remote-as 300
 no auto-summary

R2 configuration

interface Loopback0
 ip address 2.2.0.2 255.255.255.0
!
interface Loopback1
 ip address 2.2.1.2 255.255.255.0

interface FastEthernet0/1
 ip address 10.1.12.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 2.2.0.0 mask 255.255.255.0
 network 2.2.1.0 mask 255.255.255.0
 aggregate-address 2.2.0.0 255.255.252.0 as-set summary-only
 neighbor 10.1.12.1 remote-as 100
 no auto-summary

R3 configuration

interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.13.3 255.255.255.0
 duplex auto
 speed auto
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.13.1 remote-as 100
 no auto-summary

The setup is very basic R2 generates and aggregate address 2.2.0.0/22 for its two loopback interface lo0 and lo1

The aggregate address is being received by R1 and then advertised to R3

so using inject-map we want to configure R1 to generate more specific routes from this aggregate and advertise to R3

To do this we need to match three things

1- The source that advertises the aggregate route

2- The aggregate route itself

3- The more specific routes

so on R1 we will create three prefix lists

R1(config)# ip prefix-list AGGREGATE_SOURCE permit 10.1.12.2/32
R1(config)#ip prefix-list AGGREGATE  permit 2.2.0.0/22
R1(config)#ip prefix-list UNAGGREGATED permit 2.2.2.0/24

then we will create two route-maps one to match the aggregate source and the aggregate itself and the second one to set the more specific routes

R1(config)#route-map FROM_AGGREGATOR
R1(config-route-map)#match ip address prefix-list AGGREGATE_SOURCE
R1(config-route-map)#match ip address prefix-list  AGGREGATE     

R1(config-route-map)#route-map INJECTED_ROUTES                   
R1(config-route-map)#set ip address prefix-list UNAGGREGATED

so FROM_AGGREGATOR route-map matches these two prefixes 10.1.12.2/32 which is the source of our aggregate and 2.2.0.0/32 which is the aggregate itself

INJECTED_ROUTES set the more specific routes that we need to un-aggregate to R3

Now under the BGP of R1 we need to tie the two route-maps together using the inject-map

R1(config)#router bgp 100
R1(config-router)#bgp inject-map INJECTED_ROUTES exist-map FROM_AGGREGATOR

now let’s see the  BGP of R3

R3(config-router)#do sh ip bgp
BGP table version is 82, local router ID is 10.1.13.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.0.0/22       10.1.13.1                              0 100 200 i
*> 2.2.2.0/24       10.1.13.1                              0 100 ?
r> 10.1.13.0/24     10.1.13.1                0             0 100 i

Nice! it worked we can see that R3 now have the two routes 2.2.0.0/22 and 2.2.2.0/24

what about R2

R2(config)#do sh ip bgp
BGP table version is 15, local router ID is 2.2.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
s> 2.2.0.0/24       0.0.0.0                  0         32768 i
*> 2.2.0.0/22       0.0.0.0                       100  32768 i
s> 2.2.1.0/24       0.0.0.0                  0         32768 i
*> 10.1.13.0/24     10.1.12.1                0             0 100 i

R2 didn’t receive the more specific route from R1

Comments

Post a Comment

Popular posts from this blog

IPv6 EIGRP

Image
In this post we will try to configure IPv6 EIGRP see the different options for the protocol and how these options are almost identical to the IPv4 version of EIGRP configuration R1 ipv6 unicast-routing interface lo0 ipv6 address 2001:1:1::1/64 interface FastEthernet0/0   ipv6 address FE80::1 link-local   ipv6 address FC00:1:12::1/64 ! interface FastEthernet0/1   ipv6 address FE80::1 link-local   ipv6 address FC00:1:13::1/64 !          R2 ipv6 unicast-routing interface lo0 ipv6 address 2001:2:2::2/64 interface FastEthernet0/0   ipv6 address FE80::2 link-local   ipv6 address FC00:1:12::2/64 ! interface FastEthernet0/1   ipv6 address FE80::2 link-local   ipv6 address FC00:1:23::2/64 R3 ipv6 unicast-routing interface lo0 ipv6 address 2001:3:3::3/64 interface lo1 ipv6 address 2001:3:4::3/64 interface lo2 ipv6 address 2001:3:5::3/64 interface FastEthernet0/0   ipv6 address FE80::3 link-...
Read more

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to...
Read more

Private VLANS and protected ports

Image
In this post we will try to learn two layer 2 technologies, private vlans and protected ports Private vlans is used to segregate the layer 2 domain within the same vlan so we don’t waste any IP addresses, think about as sub-vlans within the same vlan that share the same layer 3 address. These sub-vlans can be of two kinds                      1- Community 2- Isolated The difference between community and isolated sub-vlans that hosts within community vlan can communicate together however hosts within isolated vlans con’t communicate to each others, also note that hosts from different community vlans can’t communicate/isolated vlans can’t communicate together. The question is how these hosts in community/isolated vlans communicate to the outside world, and the answer is they communicate through the promiscuous port which is part of parent vlan but this port is allowed to communicat...
Read more