Cisco BGP

see also: networking, cisco, Secure BGP template for Cisco


commands:

closes bgp sessions

clear ip bgp *

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#wp1002274

Please write more comments on configurations!!

router bgp 15393
 no synchronization
 bgp dampening
 neighbor customer-pg peer-group
 neighbor customer-pg route-map customer-rm in
 neighbor customer-pg route-map standardout out
 neighbor X.X.X.A peer-group customer-pg
 neighbor X.X.X.A remote-as 65502
 neighbor X.X.X.A filter-list 100 in
 neighbor X.X.X.A distribute-list 100 in
!
! as-path filter to catch peers announcements
no ip as-path access-list 100
ip as-path access-list 100 permit _(65502)$
! acl to catch adverts for peers address space
no access-list 100
access-list 100 permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

! acl to catch adverts for sub-aggregates of own address space

no access-list 199
access-list 199 permit ip X.X.X.0 0.0.31.255 255.255.240.0 0.0.15.255
! acl to catch adverts for own address space
no access-list 97
access-list 97 permit X.X.X.0 0.0.31.255
! acl to catch adverts for bogus address space
no access-list 98
access-list 98 permit 10.0.0.0 0.255.255.255
access-list 98 permit 172.16.0.0 0.15.255.255
access-list 98 permit 192.168.0.0 0.0.255.255
access-list 98 permit 0.0.0.0 0.255.255.255
access-list 98 permit 127.0.0.0 0.255.255.255
access-list 98 permit 128.0.0.0 0.0.255.255
access-list 98 permit 191.255.0.0 0.0.255.255
access-list 98 permit 192.0.0.0 0.0.0.255
access-list 98 permit 223.255.255.0 0.0.0.255
access-list 98 permit 224.0.0.0 15.255.255.255
! acl to catch adverts for default route
no access-list 99
access-list 99 permit 0.0.0.0 0.0.0.0
route-map customer-rm deny 10
 match ip address 97 98 99
route-map customer-rm permit 20
 set local-preference 150
route-map standardout deny 10
 match ip address 98 99 199
route-map standardout permit 20

Useful commands


 Router# show ip bgp nei 172.16.0.2 received-routes

and

 Router# show ip bgp nei 172.16.0.2 routes

and

 Router# show ip bgp rib-failure

Preventing AS from becoming Transit AS

To prevent your AS from becoming a transit AS, use the following strategy. Create a route map, say "transit", in config mode:

 route-map transit permit 10
 match as-path 1

In config mode, use the following command:

 ip as-path access-list 1 deny ^$

This command will only allow routes with origin code "i" and filter all routes with incomplete as-path. Apply the above route-map with a neighbor statement:

 router bgp 64000
 neighbor 2.2.2.2 route-map transit in

Only routes with origin code "i" will enter your AS.

AS-path prepending

 router bgp 65001
  neighbor 10.1.0.2 remote-as 65200
  neighbor 10.1.0.2 description Backup ISP
  neighbor 10.1.0.2 route-map prepend out
 !
 route-map prepend permit 10
  set as-path prepend 65001 65001 65001

Extracting BGP info with regular expressions

Short version:

 show ip bgp regexp [AS]$ - list all network paths with that AS
 show ip bgp regexp _AS_ - match any route going through AS
 show ip bgp regexp _AS AS_ - match any route passed through AS and AS
 show ip bgp regexp _AS$ - match only routes originated in this AS

To find all subnets originating from AS 100 (AS path ends with 100):

Router# show ip bgp regexp _100$

 ...
    Network          Next Hop            Metric LocPrf Weight Path
 *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
 *>                  172.16.0.1               0             0 100 ?
 *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
 *                   172.16.0.1               0             0 100 ?
 ...

To find all subnets reachable via AS 100 (AS path begins with 100):

Router# show ip bgp regexp ^100_

 ...
    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
 *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
 *  172.16.0.0/30    172.16.0.1               0             0 100 ?
 *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
 ...

To find all routes traversing AS 100:

Router# show ip bgp regexp _100_

 ...
    Network          Next Hop            Metric LocPrf Weight Path
 *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
 *>                  172.16.0.1               0             0 100 ?
 *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
 *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
 ...

If you need to further filter the output, use quote-regexp instead. For example, to find all 172.x.x.x routes originating from AS 100:

Router# show ip bgp quote-regexp "_100$" | include ^. 172\.

  ...
  *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
  *  172.31.0.1/32    172.16.0.6                             0 300 100 ?

Or, to find all subnets currently being reached via AS 100:

Router# show ip bgp quote-regexp "^100_" | i ^.>

  *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
  *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
  *> 172.31.0.1/32    172.16.0.1               0             0 100 ?
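
The AS-path patterns on this page can be checked offline before they are applied to a router. The script below is an added example, not part of the original wiki page: it assumes that the IOS _ token stands for start or end of string, a space, comma, brace or parenthesis, and it models an as-path access-list as first match wins with an implicit deny at the end. The sample AS paths are constructed and the helper names are hypothetical.

```python
import re

# Assumption: IOS "_" matches start/end of string, a space, comma, brace or parenthesis.
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Compile an IOS AS-path regex as a Python regex ('_' is the only token translated)."""
    return re.compile(pattern.replace("_", _DELIM))

def matching_paths(pattern, as_paths):
    """AS paths that 'show ip bgp regexp <pattern>' would select."""
    rx = ios_regex(pattern)
    return [p for p in as_paths if rx.search(p)]

def acl_permits(acl, as_path):
    """Model 'ip as-path access-list': first matching entry decides, implicit deny at the end."""
    for action, pattern in acl:
        if ios_regex(pattern).search(as_path):
            return action == "permit"
    return False

# Constructed sample AS paths; "" is a locally originated route (empty AS path).
SAMPLE_PATHS = ["", "100", "300 100", "100 300", "1100", "1000 200", "65502", "300 65502"]

# 'ip as-path access-list 100 permit _(65502)$' from the customer configuration above.
CUSTOMER_ACL = [("permit", "_(65502)$")]
# 'ip as-path access-list 1 deny ^$' exactly as written in the transit section.
TRANSIT_ACL = [("deny", "^$")]

def report():
    """Return which sample paths each pattern or list selects."""
    return {
        "_100$": matching_paths("_100$", SAMPLE_PATHS),
        "^100_": matching_paths("^100_", SAMPLE_PATHS),
        "_100_": matching_paths("_100_", SAMPLE_PATHS),
        "^$": matching_paths("^$", SAMPLE_PATHS),
        "acl 100": [p for p in SAMPLE_PATHS if acl_permits(CUSTOMER_ACL, p)],
        "acl 1": [p for p in SAMPLE_PATHS if acl_permits(TRANSIT_ACL, p)],
    }

if __name__ == "__main__":
    for name, paths in report().items():
        print(f"{name:8} -> {paths}")
```

An empty result for a list means it permits none of the sample paths, which is what a list made up only of deny entries yields under the implicit deny.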
cisco/bgp.txt · Last modified: 2009/05/25 00:35 (external edit)