Internet Exchange Point Lab Exercise ------------------------------------ Configuring BGP Peering with an Upstream and Configuring Local BGP Peering across IXP 1. Remove the entire old configuration from your router with the exception of the interface configurations and user access permissions. We will be using two Ethernet links for this exercise. 2. Confirm that you are no longer receiving OSPF or BGP routes by doing a "show ip route" Connect one of your router's ethernet ports to the upstream router according to the diagram. We will now set up eBGP between all of the routers in the classroom and the corresponding upstream router. Each table is its own AS. For example, Table A is AS 1, Table B is AS 2, etc. 3. Figure out your AS number. AS: Verify your addressing scheme. 4. We will set up peering sessions according the map. Contact your upstream provider for the IP addresses you are going to use for your Point-to-Point link. 5. Configure BGP on your router to announce your network. 6. Set up a peering session with the upstream router. RouterA(config)#router bgp 1 ! use your AS number RouterA(config-router)#neighbor 196.200.220.12 remote-as 100 ! use the IP address and AS number of your neighbor RouterA(config-router)#neighbor 196.200.220.12 descr My-Peer-with-AS100 RouterA(config-router)#neighbor 196.200.220.12 prefix-list my-routes out RouterA(config-router)#neighbor 196.200.220.12 prefix-list sanity-filter in 7. Define the prefix-lists that you will need. This specifies which routes you will send out and which routes you will accept. RouterA(config)#ip prefix-list my-routes permit 196.200.220.16/28 RouterA(config)#ip prefix-list my-routes deny 0.0.0.0/0 le 32 RouterA(config)# RouterA(config)#ip prefix-list sanity-filter deny 10.0.0.0/8 le 32 RouterA(config)#ip prefix-list sanity-filter deny 127.0.0.0/8 le 32 RouterA(config)#ip prefix-list sanity-filter deny 172.16.0.0/12 le 32 RouterA(config)#ip prefix-list sanity-filter deny 192.0.2.0/24 le 32 RouterA(config)#ip prefix-list sanity-filter deny 192.168.0.0/16 le 32 RouterA(config)#ip prefix-list sanity-filter permit 0.0.0.0/0 le 32 Notice that you will have to confirm with your upstream as to what routes they are planning to send you. In the case above, the neighbor is sending everything. Double check that you set your "my-routes" outbound filter to contain the network you wish to announce. The entries with sequence number 50 are used to deny default routes. 8. Check to see if the peering session is up: Router#show ip bgp sum BGP router identifier 196.200.220.17, local AS number 1 BGP table version is 3, main routing table version 3 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 196.200.220.12 4 1 0 0 3 0 0 never Idle 9. Check to see if you are receiving routes from your upstream. You should accept "full" routes or default from your upstream. Router#show ip bgp What routes are you receiving? Other commands to monitor BGP: Router#sh ip route Router#sh ip bgp Router#sh ip bgp neighbor Router#sh ip bgp neighbor x.x.x.x routes Router#sh ip bgp neighbor x.x.x.x received-routes [*] [*] Only works if "soft-reconfiguration inbound" has been configured for this peer 10. Traceroute to all of the other networks in the classroom. Notice the path that they take. 11. Set up an exchange point for all of the classroom peers. Find a switch to use to connect everyone to a shared medium. Use 196.200.220.224/28 as the exchange point address space. 12. Gather the necessary information from all of your peers: AS number of neighbor Prefixes they will be announcing IP address for peering --------------------- -------------------------------- ---------------------- 13. Negotiate peering sessions with all your neighbors (local ISPs). Set these eBGP peering sessions up. Be sure to configure your filters correctly! Only accept customer routes from your peers. Only announce your routes (don't provide transit!) to your peers. Note: Often, in a BGP speaker, many neighbors are configured with the same update policies (that is, the same outbound route maps, prefix-lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended. We can use this to simplify our outbound configuration for our peers. We should be announcing just our prefix to our Exchange Point peers: For example: router bgp 1 neighbor XP-peers peer-group neighbor XP-peers filter-list 99 out neighbor XP-peers description Exchange Point Peers ... neighbor 196.200.220.226 remote-as 2 neighbor 196.200.220.226 peer-group XP-peers neighbor 196.200.220.226 filter-list 42 in neighbor 196.200.220.227 remote-as 3 neighbor 196.200.220.227 peer-group XP-peers neighbor 196.200.220.227 filter-list 43 in neighbor 196.200.220.228 remote-as 4 neighbor 196.200.220.228 peer-group XP-peers neighbor 196.200.220.229 filter-list 44 in ... ! ip as-path access-list 42 permit ^2$ ... ip as-path access-list 99 permit ^$ etc 14. Use a hold-down route for your aggregate for stability 15. Traceroute to all of the networks in the class now. What path do you take? Do you see the improvement? Configuring BGP Peering with a Route Collector at an IXP -------------------------------------------------------- 16. The instructors will have set up a router to be a Route Collector. A route collector simply collects all the prefixes available at the IXP. 17. Set up your peering session with the Route Collector: router bgp 1 neighbor 196.200.220.238 remote-as 65523 neighbor 196.200.220.238 prefix-list my-routes out neighbor 196.200.220.238 prefix-list deny-all in ! ip prefix-list deny-all deny 0.0.0.0/0 le 32 Note that you do not expect to hear any prefix announcements from the Route Collector. 18. Once everyone is peering with the Route Collector, the class will be shown what the Route Collector's BGP table looks like Configuring BGP Peering with a Route Server at an IXP ----------------------------------------------------- 19. We will now convert the Route Collector above into a Route Server. Some IXPs use a Route Server to gather all the routes available at the IXP and distribute them to all the IXP members. 20. Remove the BGP configuration used for peers at the IXP from your router with the exception of the configurations for upstream provider and with the Route Collector. Or you can use the bgp neighbor shutdown command, for example: RouterB(config)#router bgp 2 RouterB(config-router)#neighbor 196.200.220.225 shutdown RouterB(config-router)#neighbor 196.200.220.227 shutdown ...etc... 21. Confirm that you are not longer receiving BGP prefixes from the IX by doing a show ip route. 22. Change the Route Collector BGP configuration to be that for a Route Server. Basically this means replacing the "deny-all" prefix list with the "my-peer" prefix-list. RouterA(config)#router BGP 1 RouterA(config-router)#no neighbor 196.200.220.238 prefix-list deny-all in Refresh the BGP session using "clear ip bgp 65523 in". 23. Check how many prefixes the Route Server is sending you using "sh ip bgp sum". Also look at the paths of the BGP prefixes you are being sent. Notice the Route Server's ASN now appears in the AS Path. 24. Traceroute to all of the networks in the class now. Did it take the same path as previously? Do you see the reduction in complexity of adding peers to the exchange? 25. Do you notice any interesting features in the routing table? If so what? 26. We now apply local preference to the prefixes we learn from the Route Server. Default local preference is 100, so we need to increase the local preference to ensure that all the paths learned from the Exchange are the prefered paths. For example: RouterC(config)#route-map set-local-pref permit 10 RouterC(config-route)#set local-preference 200 RouterC(config)# RouterC(config)#router bgp 3 RouterC(config-router)#neighbor 196.200.220.238 route-map set-local-pref in 27. Remember to "clear ip bgp 65523 in" to apply the new route-map above. Now look at the BGP table. What differences do you see compared with Step 23 above?