back to squares...
as100#sh run
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/1
ip address 192.168.1.5 255.255.255.252
serial restart-delay 0
clock rate 128000
as300#sh run
interface Loopback0
ip address 10.2.2.1 255.255.255.0
!
interface Serial1/1
ip address 192.168.1.6 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 172.24.1.17 255.255.255.252
serial restart-delay 0
clock rate 128000
as65000#sh run
interface Loopback0
ip address 10.3.3.1 255.255.255.0
!
interface Serial1/2
ip address 172.24.1.18 255.255.255.252
serial restart-delay 0
what i think i know... the connected interfaces are set up as neighbors, each with the AS number of the router on the other end... the loopbacks are set up as networks, with their masks... it doesn't matter whether the AS numbers are the same or different, the keyword is always remote-as... in this case they are different...
ok?
as100#sh run | beg router
router bgp 100
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
neighbor 192.168.1.6 remote-as 300
as300#sh run | beg router
router bgp 300
bgp log-neighbor-changes
network 10.2.2.0 mask 255.255.255.0
neighbor 172.24.1.18 remote-as 65000
neighbor 192.168.1.5 remote-as 100
as65000# sh run | beg router
router bgp 65000
bgp log-neighbor-changes
network 10.3.3.0 mask 255.255.255.0
neighbor 172.24.1.17 remote-as 300
i only know what i can prove, like tom cruise said in a few good men...
sunny point number 1
as100 will show as300 as its neighbor, and as300's rid will be its highest loopback address (the only one, in this case)... and the session has been established...
as100#sh ip bgp neigh
BGP neighbor is 192.168.1.6, remote AS 300, external link
BGP version 4, remote router ID 10.2.2.1
BGP state = Established, up for 00:03:43
good... sunny point number 2... as65000 will behave similarly...
as65000#sh ip bgp neigh
BGP neighbor is 172.24.1.17, remote AS 300, external link
BGP version 4, remote router ID 10.2.2.1
BGP state = Established, up for 00:09:34
the world can continue to revolve on its axis...
on the other hand, i will have 2 neighbors on as300, each with a different rid...
as300#sh ip bgp neigh
BGP neighbor is 172.24.1.18, remote AS 65000, external link
BGP version 4, remote router ID 10.3.3.1
BGP state = Established, up for 00:13:25
BGP version 4, remote router ID 10.1.1.1
BGP state = Established, up for 00:16:04
about the mask statement... if i remove the mask from the network statement for lo0 on as100
as100(config)#router bgp 100
as100(config-router)#no netw 10.1.1.0 mask 255.255.255.0
as100(config-router)#netw 10.1.1.0
i can't ping 10.1.1.1 from as300... makes sense... without a mask, ios falls back to the classful mask, so the statement now means 10.0.0.0/8, and since that exact prefix is not in the routing table, nothing is advertised... the absolute path no longer exists...
as100(config-router)#do sh run | beg router
router bgp 100
bgp log-neighbor-changes
network 10.1.1.0
neighbor 192.168.1.6 remote-as 300
as300#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
however, it remains the rid for as100... if i shut interface lo0, the rid will then change to the highest physical interface address...
as300#sh ip bgp neigh | beg AS 100
BGP neighbor is 192.168.1.5, remote AS 100, external link
BGP version 4, remote router ID 192.168.1.5
BGP state = Established, up for 00:09:13
renewing this information requires a reset of the neighbor session... after the reset, the rid shows the loopback address again...
*Aug 25 15:10:18: %BGP-5-ADJCHANGE: neighbor 192.168.1.5 Up
as300#sh ip bgp neigh | beg AS 100
BGP neighbor is 192.168.1.5, remote AS 100, external link
BGP version 4, remote router ID 10.1.1.1
i need to establish expected behaviors for myself... i need to see it, and make it happen... i can't just read it and consider it gospel... can you... can you afford to do that?
the world is not flat, and i will not fall off the end of it...
as300#sh ip route bgp
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.1.1.0/24 [20/0] via 192.168.1.5, 00:15:00
B 10.3.3.0/24 [20/0] via 172.24.1.18, 00:15:31
from as300 i have one bgp route to each connected router... each route is that router's advertised loopback network (the same address that supplies its rid), reached via the connected link... if this is beyond you, don't waste your time here, go find narbik or something...
as100#ping 10.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
as100#ping 10.3.3.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
as100#
what i can prove here... from as100, a ping to as65000 only works when sourced from lo0... without the source statement, the ping is sourced from the connected address (192.168.1.5), which is not advertised in bgp, so as65000 has no route back to it and the ping fails...
as100#sh ip bgp
BGP table version is 4, local router ID is 10.1.1.1
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.2.0/24 192.168.1.6 0 0 300 i
*> 10.3.3.0/24 192.168.1.6 0 300 65000 i
in the output, the path to 10.3.3.0 is through the private AS 65000...
as300#sh ip bgp
BGP table version is 6, local router ID is 10.2.2.1
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 192.168.1.5 0 0 100 i
*> 10.2.2.0/24 0.0.0.0 0 32768 i
*> 10.3.3.0/24 172.24.1.18 0 0 65000 i
the path for this network is exposing the private AS number 65000... it is incumbent on an isp to hide AS numbers in the private range from the neighbors it advertises to... the bgp private AS range is 64512-65535...
this is the command to hide the private AS...
as300(config)#router bgp 300
as300(config-router)#neighbor 192.168.1.5 remove-private-as
after a reset of the neighbor session, the route returns, but without the private AS in the path...
as100#sh ip bgp
BGP table version is 8, local router ID is 10.1.1.1
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.2.0/24 192.168.1.6 0 0 300 i
*> 10.3.3.0/24 192.168.1.6 0 300 i
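As an added example (my own code, not from this post), the following Python parses the two `sh ip bgp` tables above, flags any AS_PATH that still carries a private AS number, and models what `remove-private-as` does to a path before it is sent to the eBGP peer. The sample tables are constructed from the page's values with the IOS column spacing restored, and the parser reads the Path column by position, since Metric, LocPrf and Weight are blank-able numeric columns that a whitespace split cannot separate from AS numbers. Two things are assumptions, not shown on the page: the 4-byte private range (from RFC 6996) and the "strip only when the whole received path is private" rule for the basic form of the command (my reading of the IOS documentation; the page only shows the single-private-ASN case).

```python
# Constructed sample: the two `sh ip bgp` tables from this lab (values as on the page, IOS column
# layout restored), before and after as300 got `neighbor 192.168.1.5 remove-private-as`.
BGP_TABLE_BEFORE = """\
BGP table version is 4, local router ID is 10.1.1.1
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 10.2.2.0/24      192.168.1.6              0             0 300 i
*> 10.3.3.0/24      192.168.1.6                            0 300 65000 i
"""
BGP_TABLE_AFTER = """\
BGP table version is 8, local router ID is 10.1.1.1
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 10.2.2.0/24      192.168.1.6              0             0 300 i
*> 10.3.3.0/24      192.168.1.6                            0 300 i
"""

# 64512-65535 as the page states; the 4-byte private range is from RFC 6996 (assumption, not on the page).
PRIVATE_ASN_RANGES = ((64512, 65535), (4200000000, 4294967294))


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def parse_bgp_table(text):
    """Return [(prefix, next_hop, [asn, ...], origin)] for each valid path row of `show ip bgp`.
    Columns are located from the header line; the AS path is everything under "Path" except the
    trailing origin code. Aggregate sets such as {65001,65002} are skipped, not expanded."""
    lines = text.splitlines()
    header = next(l for l in lines if l.lstrip().startswith("Network"))
    net_col, nh_col, path_col = header.index("Network"), header.index("Next Hop"), header.index("Path")
    rows = []
    for line in lines:
        if not line.startswith("*"):          # only valid paths; headers, suppressed/damped rows skipped
            continue
        prefix = line[net_col:nh_col].strip() or rows[-1][0]   # blank Network = extra path, same prefix
        next_hop = line[nh_col:].split()[0]
        tokens = line[path_col:].split()
        origin = tokens[-1]
        as_path = [int(t) for t in tokens[:-1] if t.isdigit()]
        rows.append((prefix, next_hop, as_path, origin))
    return rows


def private_as_leaks(text):
    """{prefix: [private ASNs in its AS_PATH]}: what a peer sees when remove-private-as is missing."""
    leaks = {}
    for prefix, _next_hop, as_path, _origin in parse_bgp_table(text):
        private = [a for a in as_path if is_private_asn(a)]
        if private:
            leaks[prefix] = private
    return leaks


def remove_private_as(received_path, local_asn, all_private=False):
    """Model (assumption, not IOS code) of `neighbor X remove-private-as` on an outbound eBGP update:
    private ASNs are stripped from the path as received, then the local ASN is prepended as usual.
    The basic form only strips when the whole received path is private (here as300 received just
    [65000] from as65000); all_private=True models `remove-private-as all`."""
    if all_private or all(is_private_asn(a) for a in received_path):
        received_path = [a for a in received_path if not is_private_asn(a)]
    return [local_asn] + received_path
```

Running `private_as_leaks(BGP_TABLE_BEFORE)` reports `{'10.3.3.0/24': [65000]}` and the AFTER table reports nothing, which is the check an ISP would script against its own customer-facing sessions before anyone else notices the leak.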
this has hidden the private AS only... the ping from the wan link address is still not available...
as100#ping 10.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
as100#ping 10.3.3.1 sourc lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
the ping is available when sourced from the loopback, however... this is by design...
only advertised networks are reachable from each other, as in the above case, the 10.x.x.0/24 networks...
here is a discussion on that...
http://www.davidsudjiman.info/2007/12/17/bgp-why-we-need-to-create-static-route-to-advertise-a-network/
and this:
http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/advertisements.shtml
BGP is a PATH VECTOR protocol, which means that it does not keep track of internal routing within the AS, but rather keeps track of paths through other autonomous systems to reach destination networks. Any network that is not being advertised, cannot be reached.
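To pin down the two reachability rules this post demonstrates (a `network` statement without a mask falls back to the classful mask and injects nothing unless the routing table holds that exact prefix, and a ping only succeeds when the reply can route back to the source address), here is an added Python model of the lab, written for this page and not taken from the post or from any vendor code. Router addresses, AS numbers and neighbor pairs are the page's; the propagation and lookup logic (eBGP prepend with a loop check, longest-prefix match, no policy) is a deliberately simplified model that reproduces the page's ping results but is not IOS.

```python
import ipaddress
from dataclasses import dataclass, field


def classful_mask(net):
    """Mask IOS assumes when `network` is typed without `mask` (class A/B/C by first octet)."""
    first = int(net.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"


@dataclass
class Router:
    asn: int
    interfaces: dict                                   # ifname -> "addr/len" (from the page's configs)
    network_stmts: list = field(default_factory=list)  # (network, mask or None) as typed under `router bgp`
    neighbors: list = field(default_factory=list)      # (peer Router, my address on the shared link)
    bgp_table: dict = field(default_factory=dict)      # IPv4Network -> (next hop, as_path tuple)

    def addr(self, ifname):
        return str(ipaddress.ip_interface(self.interfaces[ifname]).ip)

    def connected(self):
        return {ipaddress.ip_interface(a).network: n for n, a in self.interfaces.items()}

    def originated(self):
        """Prefixes the network statements inject. IOS needs an exact match in the routing table, so
        `network 10.1.1.0` (classful -> 10.0.0.0/8) injects nothing when only 10.1.1.0/24 exists."""
        cands = [ipaddress.ip_network(f"{n}/{m or classful_mask(n)}", strict=False) for n, m in self.network_stmts]
        return [c for c in cands if c in self.connected()]

    def lookup(self, ip):
        """Longest-prefix match over connected + BGP routes: ("connected", ifname), ("bgp", nh) or None."""
        ip = ipaddress.ip_address(ip)
        table = {n: ("connected", i) for n, i in self.connected().items()}
        table.update({p: ("bgp", nh) for p, (nh, _) in self.bgp_table.items()})
        hits = [n for n in table if ip in n]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None


def link(a, ifa, b, ifb):
    """eBGP session over a directly connected link (the page's `neighbor x.x.x.x remote-as N` pairs)."""
    a.neighbors.append((b, a.addr(ifa)))
    b.neighbors.append((a, b.addr(ifb)))


def converge(routers):
    """Exchange updates until nothing changes: each router sends its originated and learned prefixes to
    every neighbor with its own ASN prepended; a receiver drops any path that already contains its ASN."""
    changed = True
    while changed:
        changed = False
        for r in routers:
            adverts = [(p, (r.asn,)) for p in r.originated()]
            adverts += [(p, (r.asn,) + path) for p, (_, path) in r.bgp_table.items()]
            for peer, my_addr in r.neighbors:
                for p, path in adverts:
                    if peer.asn in path or p in peer.connected():  # loop check; connected beats eBGP
                        continue
                    cur = peer.bgp_table.get(p)
                    if cur is None or len(path) < len(cur[1]):
                        peer.bgp_table[p] = (my_addr, path)
                        changed = True


def owner(routers, ip):
    return next((r for r in routers if any(ip == r.addr(i) for i in r.interfaces)), None)


def reachable(routers, start, ip):
    """Forward hop by hop from `start` toward `ip`, following next hops until the owning router is hit."""
    r, hops = start, 0
    while r is not None and hops <= len(routers):
        if owner(routers, ip) is r:
            return True
        hit = r.lookup(ip)
        if hit is None:
            return False
        r, hops = owner(routers, ip if hit[0] == "connected" else hit[1]), hops + 1
    return False


def ping(routers, src, dst_ip, source_if=None):
    """Success needs both directions: the echo must reach the target and the reply must find a route
    back to the source address. Without `source`, IOS uses the egress interface address."""
    if source_if is None:
        hit = src.lookup(dst_ip)
        if hit is None:
            return False
        source_if = hit[1] if hit[0] == "connected" else src.lookup(hit[1])[1]
    source_ip = src.addr(source_if)
    return reachable(routers, src, dst_ip) and reachable(routers, owner(routers, dst_ip), source_ip)


def build_lab(as100_with_mask=True):
    """The page's three routers; as100_with_mask=False reproduces `network 10.1.1.0` without the mask."""
    as100 = Router(100, {"Loopback0": "10.1.1.1/24", "Serial1/1": "192.168.1.5/30"},
                   [("10.1.1.0", "255.255.255.0" if as100_with_mask else None)])
    as300 = Router(300, {"Loopback0": "10.2.2.1/24", "Serial1/1": "192.168.1.6/30",
                         "Serial1/2": "172.24.1.17/30"}, [("10.2.2.0", "255.255.255.0")])
    as65000 = Router(65000, {"Loopback0": "10.3.3.1/24", "Serial1/2": "172.24.1.18/30"},
                     [("10.3.3.0", "255.255.255.0")])
    link(as100, "Serial1/1", as300, "Serial1/1")
    link(as300, "Serial1/2", as65000, "Serial1/2")
    routers = [as100, as300, as65000]
    converge(routers)
    return routers
```

`build_lab()` returns `[as100, as300, as65000]` with converged tables; `ping(routers, as100, "10.3.3.1")` is False and `ping(routers, as100, "10.3.3.1", "Loopback0")` is True, matching the two ping outputs above, and `build_lab(as100_with_mask=False)` leaves as100 originating nothing, so as300 can no longer reach 10.1.1.1.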