Ccnpv7 Route Lab7-2 BGP As Path Instructor

CCNPv7 ROUTE
Chapter 7 Lab 7-2, Using the AS_PATH AttributeInstructor Version

Topology
Objectives
• Use BGP commans to pre!ent pri!ate AS numbers "rom being a!ertise to the outsie #or$%
• Use the AS_PATH attribute to "i$ter BGP routes base on their source AS numbers%
Backgroun
The &nternationa$ Tra!e$ Agenc'(s &SP has been assigne an AS number o" )**% This pro!ier uses BGP to e+change
routing in"ormation #ith se!era$ customer net#ors% ach customer net#or is assigne an AS number "rom the
pri!ate range, such as AS ./***% Con"igure the &SP router to remo!e the pri!ate AS numbers "rom the AS Path
in"ormation o" Cust0tr% &n aition, the &SP #ou$ $ie to pre!ent its customer net#ors "rom recei!ing route
in"ormation "rom &nternationa$ Tra!e$ Agenc'(s AS 1**% Use the AS_PATH attribute to imp$ement this po$ic'%
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page 1 o" 11
CCNPv7 ROUTE Lab 7-2, Using the AS_PATH Attribute
Note! This $ab uses Cisco 1 531 routers #ith Cisco &6S 0e$ease 1/%3 #ith &P Base% The s#itches are Cisco S-
C25.*-23TT-L #ith 8ast thernet inter"aces, there"ore the router #i$$ use routing metrics associate #ith a 1** 9b4s
inter"ace% :epening on the router or s#itch moe$ an Cisco &6S So"t#are !ersion, the commans a!ai$ab$e an
output prouce might !ar' "rom #hat is sho#n in this $ab%
Re"uire Resources
• ) routers ;Cisco &6S 0e$ease 1/%2 o r comparab$e<
• Seria$ an thernet cab$es
#tep $! #uggeste starting con%igurations&

a% App$' the "o$$o#ing con"iguration to each rou ter a$ong #ith the appropriate 'ostna(e% The e)ec*ti(eout $ $
comman shou$ on$' be use in a $ab en !ironment%
Router(config)# no ip domain-lookup
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# exec-timeout 0 0
#tep +! Con%igure inter%ace aresses&

b% Using the aressing scheme in the iagram , create the $oopbac inter"aces an app$' &P! 3 aresses to these
an the seria$ inter"aces on San=ose ;01<, &SP ;02<, an Cust0tr ;0)<% The &SP $oopbacs simu$ate rea$ net#ors%
Set a c$oc rate on the :C seria$ inter"aces%
SanJose(config)# interface Loopback0
SanJose(config-if)# ip address 10.1.1.1 255.255.255.0
SanJose(config-if)# exit
SanJose(config)# interface Serial0/0/0
SanJose(config-if)# ip address 12.1!".1.5 255.255.255.252
SanJose(config-if)# clock rate 12"000
SanJose(config-if)# no shutdo#n
SanJose(config-if)# end
SanJose#
ISP(config)# interface Loopback0

ISP(config-if)# ip address 10.2.2.1 255.255.255.0
ISP(config-if)# interface Serial0/0/0
ISP(config-if)# ip address 12.1!".1.! 255.255.255.252
ISP(config-if)# no shutdo#n
ISP(config-if)# exit
ISP(config)# interface Serial0/0/1
ISP(config-if)# ip address 1$2.2%.1.1$ 255.255.255.252
ISP(config-if)# clock rate 12"000
ISP(config-if)#
ISP(config-if)# no
end shutdo#n
ISP#
CustRtr(config)# interface Loopback0

CustRtr(config-if)# ip address 10.&.&.1 255.255.255.0
CustRtr(config-if)# exit
CustRtr(config)# interface Serial0/0/1
CustRtr(config-if)# ip address 1$2.2%.1.1" 255.255.255.252
CustRtr(config-if)# no shutdo#n
CustRtr(config-if)# end
CustRtr#
c% Use ping to test the connecti!it' bet#een the irect$' connecte routers%
Note! San=ose #i$$ not be ab$e to reach either &SP>s $oopbac ;1*%2%2%1< or Cust0tr>s $oopbac ;1*%)%)%1<, nor #i$$
it be ab$e to reach either en o" the $in ?oining &SP to Cust0tr ;172%23%1%17 an 172%23%1%1@<%
#tep ,! Con%igure B-P&

a% Con"igure BGP "or norma$ operation% nter the appropriate BGP commans on each router so that the' ienti"'
their BGP neighbors an a!ertise their $oopbac net#ors%
SanJose(config)# router bgp 100
SanJose(config-router)# neighbor 12.1!".1.! remote-as &00
SanJose(config-router)# net#ork 10.1.1.0 mask 255.255.255.0
ISP(config)# router bgp &00

ISP(config-router)# neighbor 12.1!".1.5 remote-as 100
ISP(config-router)# neighbor 1$2.2%.1.1" remote-as !5000
ISP(config-router)# net#ork 10.2.2.0 mask 255.255.255.0
CustRtr(config)# router bgp !5000

CustRtr(config-router)# neighbor 1$2.2%.1.1$ remote-as &00
CustRtr(config-router)# net#ork 10.&.&.0 mask 255.255.255.0
b% eri"' that these routers ha!e estab$ishe the appropriate neighbor re$ationships b' issuing the s'o. ip bgp
neig'bors comman on each router%
ISP# sho# ip bgp neighbors
BGP neighbor is 1722!11" re$ote %S &' eternal lin*
BGP +ersion ! re$ote router I, 11
BGP
3aststate
rea0 . /stablishe0
2" u for 2"
last 4rite 2" hol0 ti$e is 1" *eeali+e inter+al is & secon0s
5outut o$itte06
BGP neighbor is 121&"1' re$ote %S 1 eternal lin*

BGP +ersion ! re$ote router I, 1111
BGP state . /stablishe0 u for 1!
3ast rea0  last 4rite & hol0 ti$e is 1" *eeali+e inter+al is & secon0s
5outut o$itte06
#tep /! Re(ove t'e private 0#&

a% :isp$a' the San=ose routing tab$e using the s'o. ip route comman% San=ose shou$ ha!e a route to both
1*%2%2%* an 1*%)%)%*% Troub$eshoot i" necessar'%
SanJose#sho4 i route
Co0es 3 - local C - connecte0 S - static R - RIP 8 - $obile B - BGP
, - /IGRP /9 - /IGRP eternal : - :SP; I% - :SP; inter area
<1 -- :SP;
/1 :SP; eternal
<SS% eternal t=e
t=e 1 /2 1 <2 -eternal
- :SP; :SP; <SS% eternal
t=e 2 t=e 2
i - IS-IS su - IS-IS su$$ar= 31 - IS-IS le+el-1 32 - IS-IS le+el-2
ia - IS-IS inter area > - can0i0ate 0efault ? - er-user static route
o - :,R P - erio0ic 0o4nloa0e0 static route @ - <@RP l - 3ISP
a - alication route
A - relicate0 route  - net ho o+erri0e
Gate4a= of last resort is not set
1" is +ariabl= subnette0 ! subnets 2 $as*s

C 1112! is 0irectl= connecte0 3oobac*
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page ) o" 11
3 11112 is 0irectl= connecte0 3oobac*

B 1222! D2E +ia 121&"1& !22
B 12! D2E +ia 121&"1& 1!
121&"12! is +ariabl= subnette0 2 subnets 2 $as*s
C 121&"1! is 0irectl= connecte0 Serial
3 121&"1'2 is 0irectl= connecte0 Serial
SanJose#
b% Ping the 1*%)%)%1 aress "rom San=ose%

h' oes this "ai$
_______________________________________________________________________________
_______________________________________________________________________________
This "ai$s because San=ose sources the ping #ith its c$osest connecte inter"ace s*4*4* #ith &P aress
152%1.@%1%/% Cust0tr oes not ha!e a route bac to that inter"ace, so the ping rep$ies cannot return to San=ose%
c% Ping again, this time as an e+t ene ping, sourcing "rom the Loopbac* inter"ace aress%
SanJose# ping
Protocol DiE
Farget IP a00ress 10.&.&.1
Reeat count D'E
,atagra$ sie D1E
Fi$eout in secon0s D2E
/ten0e0 co$$an0s DnE y
Source a00ress or interface 10.1.1.1
F=e of ser+ice DE
Set ,; bit in IP hea0erH DnoE
ali0ate rel= 0ataH DnoE
,ata attern D%BC,E
3oose Strict Recor0 Fi$esta$ erboseDnoneE
S4ee range of sies DnE
F=e escae seuence to abort
Sen0ing ' 1-b=te IC8P /chos to 11 ti$eout is 2 secon0s
Pac*et sent 4ith a source a00ress of 1111
KKKKK
Success rate is 1 ercent ('') roun0-tri $ina+g$a . 2"2"2" $s
SanJose#
Note Dou can b'pass e+tene ping moe an speci"' a source aress using one o" these commans
SanJose# ping 10.&.&.1 source 10.1.1.1
or
SanJose# ping 10.&.&.1 source Lo0

% Chec the BGP tab$e "rom San=ose b' using the s'o. ip bgp comman% Eote the AS path "or the 1*%)%)%*
net#or% The AS ./*** shou$ be $iste in the path to 1*%)%)%*%
SanJose# sho# ip bgp
BGP table +ersion is ' local router I, is 1111
Status co0es s suresse0 0 0a$e0 h histor= > +ali0 6 best i - internal
r RIB-failure S Stale $ $ultiath b bac*u-ath f RF-;ilter
 best-eternal a a00itional-ath c RIB-co$resse0
:rigin co0es i - IGP e - /GP H - inco$lete
RPLI +ali0ation co0es  +ali0 I in+ali0 < <ot foun0
<et4or* <et @o 8etric 3ocPrf Meight Path

>6 1112!   27&" i
>6 1222! 121&"1&    i
>6 12! 121&"1&   &' i
SanJose#
h' is this a prob$em

_______________________________________________________________________________
_______________________________________________________________________________
AS ./*** is a pri!ate AS, #hich shou$ not be pub$ic$' a!ertise on the &nternet% 6ther#ise, c$ients o" t#o
interconnecte &SPs ha!ing the same pri!ate AS number #ou$ see their o#n AS in the route a!ertisements o"
each other% As a resu$t, each c$ient #ou$ incorrect$' conc$ue that the a!ertisement came "rom itse$" an it #ou$
ignore it%
e% Con"igure &SP to strip the pri!ate AS numbers "rom BGP routes e+change #ith San=ose using the "o$$o#ing
commans%
ISP(config-router)# neighbor 12.1!".1.5 remo'e-pri'ate-as
"% A"ter issuing these commans, use the clear ip bgp 1 comman on &SP to reestab$ish the BGP re$ationship
bet#een the three routers% ait se!era$ secons an then return to San=ose to chec its routing tab$e%
Note The clear ip bgp 1 so%t comman can a$so be use to "orce each router to resen its BGP tab$e%
ISP# clear ip bgp (
ISP#
>Se " 1"!''1 BGP-'-%,JC@%<G/ neighbor 1722!11" ,o4n ?ser reset
>Se " 1"!''1 BGPNS/SSI:<-'-%,JC@%<G/ neighbor 1722!11" IP+! ?nicast
toolog= base re$o+e0 fro$ session ?ser reset
>Se " 1"!''1 BGP-'-%,JC@%<G/ neighbor 121&"1' ,o4n ?ser reset
>Se " 1"!''1 BGPNS/SSI:<-'-%,JC@%<G/ neighbor 121&"1' IP+! ?nicast
>Se " 1"!!'1' BGP-'-%,JC@%<G/ neighbor 1722!11" ?
>Se " 1"!!'1 BGP-
ISP#'-%,JC@%<G/ neighbor 121&"1' ?
ISP#
SanJose# sho# ip route

5outut o$itte06

B 1222! D2E +ia 121&"1& 2
B 12! D2E +ia 121&"1& 12
3 121&"1'2 is 0irectl= connecte0 Serial
SanJose#
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page / o" 11
:oes San=ose sti$$ ha!e a route to 1*%)%)%*

_______________________________________________________________________________
Des, $earne !ia BGP "rom &SP 152%1.@%1%.%
San=ose shou$ be ab$e to ping 1*%)%)%1 using its $oopbac * inter"ace as the source o" the ping%
SanJose# ping 10.&.&.1 source lo0
F=e escae seuence to abort

Sen0ing ' 1-b=te IC8P /chos to 11 ti$eout is 2 secon0s
Pac*et sent 4ith a source a00ress of 1111
KKKKK
Success rate is 1 ercent ('') roun0-tri $ina+g$a . 2"2"2 $s
g% Eo# chec the BGP tab$e on San=ose% The AS_ PATH to the 1*%)%)%* net#or shou$ be AS )**% &t no $onger has
the pri!ate AS in the path%
SanJose# sho# ip bgp
BGP table +ersion is  local router I, is 1111

>6 1112!   27&" i
>6 1222! 121&"1&    i
>6 12! 121&"1&   i
SanJose#
#tep 2! Use t'e 0#3P0T4 attribute to %ilter routes&

As a "ina$ con"iguration, use the AS_PATH attribute to "i$ter routes base on their srcin% &n a comp$e+ en!ironment,
'ou can use this attribute to en"orce routing po$ic'% &n this case, the pro!ier router, &SP, must be con"igure so that it
oes not propagate routes that srcinate "rom AS 1** to the customer router Cust0tr%
AS-path access $ists are rea $ie regu$ar access $ists% The statements are rea seFuentia$$', an there is an imp$icit
en' at the en% 0ather than matching an aress in each statement $ie a con!entiona$ access $ist, AS path access
$ists match on something ca$$e a regu$ar e+pression% 0egu$ar e+pressions are a #a' o" matching te+t patterns an
ha!e man' uses% &n this case, 'ou #i$$ be using them in the AS path access $ist to match te+t patterns in AS paths%
a% Con"igure a specia$ in o" access $ist to match BGP routes #ith an AS_PATH attribute that both begins an ens
#ith the number 1**% nter the "o$$o#ing commans on &SP%
ISP(config)# ip as-path access-list 1 deny )100*
ISP(config)# ip as-path access-list 1 permit .(
The "irst comman uses the 5 character to inicate that the AS path must begin #ith the gi!en number 1**% The 6
character inicates that the AS_PATH attribute must a$so en #ith 1**% ssentia$$', this statement matches on$'
paths that are source "rom AS 1**% 6ther paths, #hich might inc$ue AS 1** a$ong the #a', #i$$ not match this
$ist%
&n the secon statement, the & ;perio< is a #i$car, an the 1 ;asteris< stans "or a repetition o" the #i$car%
Together, &1 matches an' !a$ue o" the AS_PATH attribute, #hich in e""ect permits an' upate that has not been
enie b' the pre!ious access*list statement%
8or more etai$s on con"iguring regu$ar e+pressions on Cisco routers, see
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page . o" 11
http44###%cisco%com4c4en4us4t4ocs4ios412_24termser!4con"iguration4guie4"ters!_c4tc"aapre%htm$
http44###%cisco%com4c4en4us4support4ocs4ip4borer-gate#a'-protoco$-bgp41)7/3-2.%htm$
b% App$' the con"igure access $ist using the neig'bor comman #ith the %ilter*list option%
ISP(config-router)# neighbor 1$2.2%.1.1" filter-list 1 out
The out e'#or speci"ies that the $ist is app$ie to routing in"ormation sent to this neighbor%
c% Use the clear ip bgp 1 comman to reset the routing in"ormation% ait se!era$ secons an then chec the
routing tab$e "or &SP% The route to 1*%1%1%* shou$ be in the routing tab$e%
Note To "orce the $oca$ router to resen its BGP tab$e, a $ess isrupti!e option is to use the clear ip bgp 1 out or
clear ip bgp 1 so%t comman ;the secon comman per"orms both outgoing an incoming route res'nc<%
ISP# clear ip bgp (
ISP#
>Se " 1"!"!1' BGP-'-%,JC@%<G/ neighbor 1722!11" ,o4n ?ser reset
>Se " 1"!"!1' BGPNS/SSI:<-'-%,JC@%<G/ neighbor 1722!11" IP+! ?nicast
>Se " 1"!"!1' BGP-'-%,JC@%<G/ neighbor 121&"1' ,o4n ?ser reset
>Se " 1"!"!1' BGPNS/SSI:<-'-%,JC@%<G/ neighbor 121&"1' IP+! ?nicast
>Se " 1"!"!'1 BGP-'-%,JC@%<G/ neighbor 1722!11" ?
>Se " 1"!"!'' BGP-
ISP#'-%,JC@%<G/ neighbor 121&"1' ?
ISP#
ISP# sho# ip route

5outut o$itte06

B 1112! D2E +ia 121&"1' 2
B 12! D2E +ia 1722!11" 2
1722!1& is +ariabl= subnette0 2 subnets 2 $as*s
C 1722!11& is 0irectl= connecte0 Serial1
3 1722!1172 is 0irectl= connecte0 Serial1
3 121&"1&2 is 0irectl= connecte0 Serial
ISP#
% Chec the routing tab$e "or Cust0tr% &t shou$ not ha!e a rou te to 1*%1%1%* in its routing tab$e%
CustRtr# sho# ip route
5outut o$itte06
1" is +ariabl= subnette0  subnets 2 $as*s

B 1222! D2E +ia 1722!117 2
C 12! is 0irectl= connecte0 3oobac*
3 112 is 0irectl= connecte0 3oobac*
1722!1& is +ariabl= subnette0 2 subnets 2 $as*s
C 1722!11& is 0irectl= connecte0 Serial1
3 1722!11"2 is 0irectl= connecte0 Serial1
CustRtr#
e% 0eturn to &SP an !eri"' that the "i$ter is #oring as intene% &ssue the s'o. ip bgp rege)p 5+$$6 comman%
ISP# sho# ip bgp regexp )100*
BGP table +ersion is ! local router I, is 1221

>6 1112! 121&"1'   1 i
ISP#
The output o" this comman sho#s a$$ matches "or the regu$ar e+pressions that #ere use in the access $ist% The
path to 1*%1%1%* matches the access $ist an is " i$tere "rom upates to Cust0tr%
"% 0un the "o$$o#ing Tc$ script on a$$ routers to !eri"' #hether there is connecti!it'% A$$ pings "rom &SP shou$ be
success"u$% San=ose shou$ not be ab$e to ping the Cust0tr $oopbac 1*%)%)%1 or the AE $in 172%23%1%1.4)*%
Cust0tr shou$ not be ab$e to ping the San=ose $oopbac 1*%1%1%1 or the AE $in 152%1.@%1%34)*%
ISP# tclsh
foreach address +
10.1.1.1
10.2.2.1
10.&.&.1
12.1!".1.5
12.1!".1.!
1$2.2%.1.1$
1$2.2%.1.1"
, +
ping *address ,
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page @ o" 11
evice Con%igurations 8Instructor version9
Initial Con%igurations
Router #an:ose 8R+9

hostna$e SanJose
K
interface 3oobac*
i a00ress 1111 2''2''2''
K
interface Serial
i a00ress 121&"1' 2''2''2''2'2
cloc* rate 12"
no shut0o4n
Router I#P 8R,9

hostna$e ISP
K
i a00ress 1221 2''2''2''
K
i shut0o4n
no a00ress 121&"1& 2''2''2''2'2
K
interface Serial1
i a00ress 1722!117 2''2''2''2'2
no shut0o4n
Router CustRtr 8R/9

hostna$e CustRtr
K
i a00ress 11 2''2''2''
K
i a00ress 1722!11" 2''2''2''2'2
no shut0o4n
evice Con%igurations 8Instructor version9
Router #an:ose 8R+9

hostna$e SanJose
K
i a00ress 1111 2''2''2''
K
K
i a00ress 121&"1' 2''2''2''2'2
no shut0o4n
K
router bg 1
bg log-neighbor-changes
net4or* 111 $as* 2''2''2''
neighbor 121&"1& re$ote-as 
K
en0
Router I#P 8R,9

hostna$e ISP
K
i a00ress 1221 2''2''2''
K
i a00ress 121&"1& 2''2''2''2'2
no shut0o4n
K
i a00ress 1722!117 2''2''2''2'2
no shut0o4n
K
router bg 
net4or* 122 $as* 2''2''2''
neighbor 1722!11" re$ote-as &'
neighbor 1722!11" filter-list 1 out
neighbor 121&"1' re$ote-as 1
neighbor 121&"1' re$o+e-ri+ate-as
K
i as-ath access-list 1 0en= O1
i as-ath access-list 1 er$it >
K
en0
Router CustRtr 8R/9

hostna$e CustRtr
K
i a00ress 11 2''2''2''
K
i a00ress 1722!11" 2''2''2''2'2
no shut0o4n
K
 2*13 Cisco an4or its a""i$iates% A$$ rights reser!e% This ocument is Cisco Pub$ic% Page 1* o" 11
router bg &'

net4or* 1 $as* 2''2''2''
neighbor 1722!117 re$ote-as 
K
en0

Ccnpv7 Route Lab7-2 BGP As Path Instructor

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Ccnpv7 Route Lab7-2 BGP As Path Instructor

Caricato da

Copyright:

Formati disponibili

CCNPv7 ROUTE

Chapter 7 Lab 7-2, Using the AS_PATH AttributeInstructor Version

#tep $! #uggeste starting con%igurations&

#tep +! Con%igure inter%ace aresses&

ISP(config)# interface Loopback0

CustRtr(config)# interface Loopback0

#tep ,! Con%igure B-P&

ISP(config)# router bgp &00

CustRtr(config)# router bgp !5000

BGP neighbor is 121&"1' re$ote %S 1 eternal lin*

#tep /! Re(ove t'e private 0#&

Gate4a= of last resort is not set

1" is +ariabl= subnette0 ! subnets 2 $as*s

3 11112 is 0irectl= connecte0 3oobac*

b% Ping the 1*%)%)%1 aress "rom San=ose%

SanJose# ping 10.&.&.1 source Lo0

<et4or* <et @o 8etric 3ocPrf Meight Path

h' is this a prob$em

SanJose# sho# ip route

1" is +ariabl= subnette0 ! subnets 2 $as*s

:oes San=ose sti$$ ha!e a route to 1*%)%)%*

F=e escae seuence to abort

<et4or* <et @o 8etric 3ocPrf Meight Path

#tep 2! Use t'e 0#3P0T4 attribute to %ilter routes&

8or more etai$s on con"iguring regu$ar e+pressions on Cisco routers, see

ISP# sho# ip route

1" is +ariabl= subnette0 ! subnets 2 $as*s

1" is +ariabl= subnette0  subnets 2 $as*s

<et4or* <et @o 8etric 3ocPrf Meight Path

evice Con%igurations 8Instructor version9

Router #an:ose 8R+9

Router I#P 8R,9

Router CustRtr 8R/9

evice Con%igurations 8Instructor version9

Router #an:ose 8R+9

Router I#P 8R,9

Router CustRtr 8R/9

router bg &'

Potrebbero piacerti anche

:oes San=ose sti$$ ha!e a route to 1%)%)%