1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
Step 1: Assign IP Addresses
Name the routers per the diagram. Disable domain-lookup. Enable synchronous logging and set exec-timeout to 0 on the console 0 line.
Configure the network according to the diagram, but do not configure a routing protocol.
Step 1: IP Addressing
Build and configure the network according to the diagram, but do not configure a
routing protocol.
Use ping to test the connectivity between the directly connected routers. Note
that SanJose cannot reach the customer network for Customer. It cannot reach it
by the IP address in the link leading to Customer nor the loopback interface
202.0.0.1/24.
Step 2: Configure BGP
Configure BGP for normal operation. Enter the appropriate BGP commands on each router so that they identify their BGP neighbors and advertise their loopback networks:
Verify that these routers have established the appropriate neighbor relationships by issuing the 'show ip bgp neighbors' command on each router.
Step 3: Remove the Private AS
Check SanJose�s routing table by using the 'show ip route' command. SanJose should have a route to both 202.0.0.0 and 172.16.1.0. Troubleshoot, if necessary.
Ping the 172.16.1.1 address from SanJose. Why does this fail?
Ping again, this time as an extended ping, sourcing from the Loopback 0
Check the BGP table from SanJose by using the 'show ip bgp command'. Note
the AS path for the 172.16.1.0 network. The AS 65000 shouldnt be listed in the path to 172.16.1.0.
Why is this a problem?
Configure ISP to strip the private AS numbers from BGP routes exchanged with SanJose (neighbor neighbor-ip remove-private-as).
After issuing these commands, use the 'clear ip bgp *' command on SanJose to reestablish the BGP relationship between the three routers.
Wait several seconds, and then return to SanJose to check its routing table.
Does SanJose still have a route to 172.16.1.0?
SanJose should be able to ping 172.16.1.0. Now check the BGP table on SanJose. The AS_PATH to the 172.16.1.0 network should be AS 300.
Step 4: Use the AS_PATH Attribute to Filter Routes
As a final configuration, use the AS_PATH attribute to filter routes based on their origin. In a complex environment, this attribute can be used to enforce routing policy. In this case, the provider router, ISP, must be configured so that it does not propagate routes that originate from AS 100 to the customer router, Customer.
First, configure a special kind of access list to match BGP routes with an AS_PATH attribute that begins with the number 100.
Now that the access list has been configured, apply it
Use the clear ip bgp * command to reset the routing information. Wait several seconds, and then check the routing table for ISP. The route to 12.0.1.0 should be in the routing table.
Check the routing table for Customer. It should not have a route to 12.0.1.0 in its routing table.
Return to ISP and verify that the filter is working as intended. Issue the command 'show ip bgp regexp ^100'
|