iBGP peering.



Wow! Christmas is this coming Saturday. Merry Christmas to you all. Today I’m reading about iBGP peering, and I hope that I can finish the BGP chapter before 2010 ends. This is my iBGP lab, but it seems that if I run this, it will be a heavy load for my poor Dell laptop. fuuu…

This time, the enterprise has two core routers, IE-1 and IE-2, each connected to the Internet through a different ISP. We assume that IE-1 is configured to receive a default route and full BGP updates from the ISP-1 router, while IE-2 is configured to receive only a default route and partial BGP updates. That means the ISP-3 router sends only part of its BGP updates: it leaves out the updates from ISP-2 but includes the customers of ISP-3, the 202.1.1.1/24 network in this case.

When a packet from the enterprise is destined for 202.1.1.1/24, it will arrive at the uplink routers, IE-1 and IE-2. Here, we can assume that OSPF is running within the enterprise. IE-1 will then send the packet to IE-2 rather than to ISP-1, because IE-1 knows that IE-2 has a better route to ASN-5.

Without that iBGP connection, the routers would have no way of knowing whether the other router has a better BGP path.

- If a router has only one uplink to the Internet, there is no need to use a loopback interface as the update source and, as a result, no need for the eBGP multihop subcommand.

- But even though iBGP peering uses loopback IP addresses (it should, for the reasons below), it does not need the eBGP multihop subcommand.

The iBGP peering between the enterprise's routers should use loopback interfaces, because the Internet-connected routers of the same enterprise might not share a common subnet. The routers may be in separate buildings, in different cities, or even in different countries for the sake of redundancy. In such cases it makes sense to configure the iBGP peers to use loopback IP addresses for the TCP connection, so that a single link failure does not cause the iBGP peering to fail.

This configuration example advertises the enterprise’s public address range of 202.202.0.0/19 by redistributing from OSPF and summarizing with the aggregate-address BGP subcommand. As you can see, the local BGP ASN and the remote BGP ASN are the same, so the neighbor line defines an iBGP peering within the same ASN.

Example:

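router bgp 4

 ! advertise only the /19 summary and suppress the more specific routes
 aggregate-address 202.202.0.0 255.255.224.0 summary-only

 ! redistribute the OSPF routes permitted by the route-map
 redistribute ospf 1 route-map only-128-107

 ! remote-as equals the local ASN (4), so this is an iBGP peer
 neighbor 10.1.1.1 remote-as 4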
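
The loopback-based iBGP peering described above, written out for both uplink routers as an added sketch (not configuration from the original lab). It assumes 10.1.1.1 is IE-2's Loopback0, uses 10.1.1.2 as a constructed Loopback0 address for IE-1, and assumes OSPF process 1 with area 0 carries both loopbacks.

```cisco
! ---------- IE-1 (Loopback0 address 10.1.1.2 is constructed for this example)
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
!
router ospf 1
 ! the loopback must be reachable through the IGP, or the TCP session never forms
 network 10.1.1.2 0.0.0.0 area 0
!
router bgp 4
 neighbor 10.1.1.1 remote-as 4
 ! source the TCP session from Loopback0 so it survives a single link failure
 neighbor 10.1.1.1 update-source Loopback0
 ! routes learned over eBGP keep the ISP's next hop when sent to an iBGP peer;
 ! next-hop-self rewrites it to this router so IE-2 needs no route to the ISP link
 neighbor 10.1.1.1 next-hop-self
!
! ---------- IE-2 (assumed to own 10.1.1.1 on Loopback0)
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
router ospf 1
 network 10.1.1.1 0.0.0.0 area 0
!
router bgp 4
 neighbor 10.1.1.2 remote-as 4
 neighbor 10.1.1.2 update-source Loopback0
 neighbor 10.1.1.2 next-hop-self
!
! no ebgp-multihop on either side: iBGP sessions are not limited to a TTL of 1
```

Both routers must name the other's loopback as the neighbor address; if one side peers with a physical interface address, the session does not come up because the source address of the incoming TCP connection does not match a configured neighbor.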


Thanks !!!

BGP Lab - Neighbor Peering and static route injection.


Scenario: Let's say Enterprise-1 connects to ISP-1 using a dual-homed design. There are two links to the same ISP. Both links are always active and provide redundancy for each other.

The internal routers of Enterprise-1, like IE-1, connect to their border router E1. In this case I'm using static routes inside the enterprise. If I used a dynamic routing protocol such as OSPF, I would have to configure route redistribution at E1.

Also, use a loopback interface as the update source and configure eBGP multihop with a dual BGP peer, which reduces the amount of overhead while giving the same higher availability.


This is the Routing Table of Enterprise Router I-E1.

I-E1#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 192.168.100.2 to network 0.0.0.0

192.168.100.0/30 is subnetted, 1 subnets

C 192.168.100.0 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 192.168.100.2 !! Default Static Route to E1

What I’m trying to do here is just to set a default route, which says that any packets coming to I-E1 will go out to the inner interface of the enterprise border router E1. Let’s say a packet comes in that wants to go to the ISP router ISP-1, which I-E1 doesn’t know. Then I-E1 will send it to 192.168.100.2 on E1. From there, E1 will take care of the rest of its journey using its routing table. Here is E1's routing table.

E1#sh ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback0

2.0.0.0/32 is subnetted, 1 subnets

S 2.2.2.2 [1/0] via 192.168.1.2 !! This is the static route to use loopback interface.

[1/0] via 10.1.1.2

S 192.168.99.0/24 [1/0] via 192.168.100.1

C 10.0.0.0/8 is directly connected, FastEthernet2/0

C 192.168.1.0/24 is directly connected, FastEthernet1/0

192.168.100.0/30 is subnetted, 1 subnets

C 192.168.100.0 is directly connected, FastEthernet6/0

S* 0.0.0.0/0 is directly connected, Loopback0 !! This is default static route all packet via loopback

And I tried to inject 192.168.100.0/24 and 192.168.99.0/24, which are internal subnets of the Enterprise, so that they are advertised in E1's BGP messages. ISP-1 will then receive the routes and know how to reach the inner subnets of the Enterprise.

ISP-1#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

S 1.1.1.1 [1/0] via 192.168.1.1

[1/0] via 10.1.1.1

2.0.0.0/32 is subnetted, 1 subnets

C 2.2.2.2 is directly connected, Loopback0

B 192.168.99.0/24 [20/0] via 1.1.1.1, 00:03:28

C 10.0.0.0/8 is directly connected, FastEthernet2/0

C 192.168.1.0/24 is directly connected, FastEthernet1/0

B 192.168.100.0/24 [20/0] via 1.1.1.1, 00:03:28



ISP-1#ping 192.168.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/94/140 ms

Vice versa,

I-E1#ping 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 172/240/300 ms
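
A peering configuration consistent with the routing tables above, added here as an example (the original post does not show its BGP configuration). The addresses come from the tables; the AS numbers 65001 and 65002 are placeholders because the page does not give them.

```cisco
! ---------- E1 (Loopback0 = 1.1.1.1)
! reach ISP-1's loopback over both links; both routes appear in E1's table
ip route 2.2.2.2 255.255.255.255 192.168.1.2
ip route 2.2.2.2 255.255.255.255 10.1.1.2
!
router bgp 65001
 ! 65001 (local) and 65002 (ISP-1) are placeholder AS numbers
 neighbor 2.2.2.2 remote-as 65002
 ! source the session from 1.1.1.1, which ISP-1 then shows as the BGP next hop
 neighbor 2.2.2.2 update-source Loopback0
 ! eBGP uses a TTL of 1 by default; the peer's loopback is one hop further,
 ! and 2 is the smallest value that lets the session form
 neighbor 2.2.2.2 ebgp-multihop 2
 ! network ... mask needs an exact match in the routing table;
 ! 192.168.99.0/24 is there as a static route via 192.168.100.1
 network 192.168.99.0 mask 255.255.255.0
!
! ---------- ISP-1 (Loopback0 = 2.2.2.2), the mirror image
ip route 1.1.1.1 255.255.255.255 192.168.1.1
ip route 1.1.1.1 255.255.255.255 10.1.1.1
!
router bgp 65002
 neighbor 1.1.1.1 remote-as 65001
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 ebgp-multihop 2
```

Only 192.168.99.0/24 is originated here because E1's table lists 192.168.100.0 as a /30, and the post does not show how the 192.168.100.0/24 prefix seen on ISP-1 was originated. With this layout a single BGP session rides over whichever link still reaches the peer's loopback, so losing one link removes one static route but leaves the peering up.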