I just wanted to go over some route reflection rules in my BGP preparations. I did test all of these in my lab, and the real results I saw on my devices reflect what is depicted in these diagrams. If you have any questions, or anything to say at all please leave a comment.
1. If the route is received from a non-client peer, reflect to clients only (will go to EBGP peers of the AS as well).
2. If the route is received from a RR-client, reflect to all non-client and client peers.
3. If the route is received from an EBGP peer, reflect to all clients and non-clients.
I guess it is a pretty easy concept, but labbing it up definitely helped my understanding out a bit. Cisco also has some great links on route-reflection, but I also like this one:
Wiki dot nil route reflector link...
Friday, May 7, 2010
Wednesday, May 5, 2010
Suppress and Unsuppress maps
Not going to dive into any great detail on this, just some notes. Say you have a router hosting these subnets:
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
The administrator...you, wants to advertise an aggregate address for these in the form of 10.0.0.0/8, but wants to also advertise theses specific subnets along with the aggregate:
10.0.2.0/24
10.0.3.0/24
On the aggregating router we would enter the following:
access-list 1 deny 10.0.2.0 0.0.0.255
access-list 1 deny 10.0.3.0 0.0.0.255
access-list 1 permit any
route-map SUPPRESS permit 10
match ip address 1
router bgp (as)
aggregate-address 10.0.0.0 255.0.0.0 suppress-map SUPRESS
Seems a bit counter-intuitive huh?!? Well think of it this way. The access list is going to permit any routes we WANT suppressed, and deny any that we do not. So we will advertise this to any other bgp routers. Their routing tables should have these entries:
10.0.0.0/8
10.0.2.0/24
10.0.3.0/24
BUT WAIT.... what if there is a specific neighbor that we want to unsuppress some other routes for...well, guess what? Its access-list time again!
access-list 2 permit 10.0.4.0 0.0.0.255
route-map unSUPRESS permit 10
match ip address 2
router bgp (as)
neighbor (ip address) unsuppress-map unSUPPRESS
dont forget to do a clear ip bgp * (soft) to reset your neighbors.
After that command, that specific neighbors routing table should contain these entries:
10.0.0.0/8
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
Go ahead, try it out for yourself!
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
The administrator...you, wants to advertise an aggregate address for these in the form of 10.0.0.0/8, but wants to also advertise theses specific subnets along with the aggregate:
10.0.2.0/24
10.0.3.0/24
On the aggregating router we would enter the following:
access-list 1 deny 10.0.2.0 0.0.0.255
access-list 1 deny 10.0.3.0 0.0.0.255
access-list 1 permit any
route-map SUPPRESS permit 10
match ip address 1
router bgp (as)
aggregate-address 10.0.0.0 255.0.0.0 suppress-map SUPRESS
Seems a bit counter-intuitive huh?!? Well think of it this way. The access list is going to permit any routes we WANT suppressed, and deny any that we do not. So we will advertise this to any other bgp routers. Their routing tables should have these entries:
10.0.0.0/8
10.0.2.0/24
10.0.3.0/24
BUT WAIT.... what if there is a specific neighbor that we want to unsuppress some other routes for...well, guess what? Its access-list time again!
access-list 2 permit 10.0.4.0 0.0.0.255
route-map unSUPRESS permit 10
match ip address 2
router bgp (as)
neighbor (ip address) unsuppress-map unSUPPRESS
dont forget to do a clear ip bgp * (soft) to reset your neighbors.
After that command, that specific neighbors routing table should contain these entries:
10.0.0.0/8
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
Go ahead, try it out for yourself!
Tuesday, May 4, 2010
BGP Syncronization
We all know the BGP rule of syncronization states that BGP speaking routers will not advertise a route within the AS unless all other routers know about the route via an IGP such as EIGRP, RIP, IGRP, etc... This is basically a black hole prevention mechanism. Take the following diagram:
Worry about AS 6501 here. Imagine R0 is hosting a route to 1.1.1.1/32. The only routers running BGP in AS 6501 are R3 and R4. R3, R4, and R7 run EIGRP AS 6501 as their IGP. Now imagine that R3's link to R0 was severed, but R3 was sending packets to 1.1.1.1. It has to go through R7 to reach 1.1.1.1 now, but R7 does not have that in its routing table. It drops the packet, creating the black hole that synchronization works to prevent. This is how you tell if a route is not synchronized:
Notice the not synchronized at the bottom of the show ip bgp output. This shows that synchronization has not been accomplished with bgp and the running igp (eigrp). This is true in this case. But say R7 has a default route out the two border routers...it would then be safe to turn off synchronization via the no synch command. Another instance where it would be safe to turn it off is if all routers in the local as were running IBGP.
Worry about AS 6501 here. Imagine R0 is hosting a route to 1.1.1.1/32. The only routers running BGP in AS 6501 are R3 and R4. R3, R4, and R7 run EIGRP AS 6501 as their IGP. Now imagine that R3's link to R0 was severed, but R3 was sending packets to 1.1.1.1. It has to go through R7 to reach 1.1.1.1 now, but R7 does not have that in its routing table. It drops the packet, creating the black hole that synchronization works to prevent. This is how you tell if a route is not synchronized:
R3#show ip route 1.0.0.0
% Network not in table
R3#show ip bgp 1.0.0.0
BGP routing table entry for 1.0.0.0/8, version 19
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer
1200
172.16.47.2 (metric 30720) from 172.16.47.2 (172.16.47.2)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized
Notice the not synchronized at the bottom of the show ip bgp output. This shows that synchronization has not been accomplished with bgp and the running igp (eigrp). This is true in this case. But say R7 has a default route out the two border routers...it would then be safe to turn off synchronization via the no synch command. Another instance where it would be safe to turn it off is if all routers in the local as were running IBGP.
Subscribe to:
Posts (Atom)