30 Monday Apr 2012
Posted in Cisco
Rahul Singh has uploaded a blog post with a great explanation of site-to-site VPN:
Thanks, Rahul Singh.
24 Tuesday Apr 2012
Posted in Uncategorized
By default, BGP uses MD5 to authenticate its neighbors. This time I learned how to secure my BGP session.
=== R5 ===
R5(config)#router bgp 10
! R5 peers with R8 (8.8.8.8); the same password must be set on both ends
R5(config-router)#neighbor 8.8.8.8 password 5 cisco123
=== R8 ===
R8(config)#router bgp 20
R8(config-router)#neighbor 5.5.5.5 password 5 cisco123
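An added example, not part of the original post: a small audit that reads a router's BGP configuration and reports which neighbors end up without a password, including a password attached to an address that is not a configured peer and a password inherited from a peer group. Both sample configurations are constructed (the first from R5's neighbor list); the function name audit_bgp_auth, the peer-group name INTERNAL and the PLACEHOLDER secret are assumptions.

```python
import ipaddress
import re

# Constructed sample: R5's neighbors, with the password placed on the wrong address.
SAMPLE_R5 = """router bgp 10
neighbor 4.4.4.4 remote-as 10
neighbor 6.6.6.6 remote-as 200
neighbor 8.8.8.8 remote-as 20
neighbor 5.5.5.5 password PLACEHOLDER
"""
# Constructed sample: the password is inherited from a (hypothetical) peer group.
SAMPLE_GROUP = """router bgp 20
neighbor INTERNAL peer-group
neighbor INTERNAL remote-as 20
neighbor INTERNAL password PLACEHOLDER
neighbor 9.9.9.9 peer-group INTERNAL
"""

NEIGHBOR = re.compile(
    r"^\s*neighbor\s+(\S+)\s+(remote-as|password|peer-group)\b\s*(.*)$")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_bgp_auth(config):
    """Map each neighbor address to a finding about its TCP MD5 password."""
    attrs = {}
    for line in config.splitlines():
        m = NEIGHBOR.match(line)
        if m:
            name, keyword, rest = m.groups()
            attrs.setdefault(name, {})[keyword] = rest.strip()
    findings = {}
    for name, own in sorted(attrs.items()):
        if not _is_ip(name):
            continue  # peer-group definitions are consulted through their members
        group = attrs.get(own.get("peer-group", ""), {})
        has_as = "remote-as" in own or "remote-as" in group
        has_pw = "password" in own or "password" in group
        if has_pw and not has_as:
            findings[name] = "password set, but address is not a configured peer"
        elif not has_pw:
            findings[name] = "no password"
        else:
            findings[name] = "ok"
    return findings
```

Running it over the saved output of sh run | s router bgp from both ends of a session shows quickly whether each side names the other and carries a password.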
23 Monday Apr 2012
Posted in Cisco
A BGP confederation is used to hide multiple iBGP-meshed sub-autonomous systems inside one autonomous system, called the confederation AS.
Here is the example from the topology:
R4
router bgp 10
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 300
bgp confederation peers 20
network 4.4.4.4 mask 255.255.255.255
redistribute connected
neighbor 5.5.5.5 remote-as 10
neighbor 5.5.5.5 update-source Loopback0
neighbor 6.6.6.6 remote-as 200
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
no auto-summary
R5
router bgp 10
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 300
bgp confederation peers 20 400
network 5.5.5.5 mask 255.255.255.255
redistribute connected
neighbor 4.4.4.4 remote-as 10
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 6.6.6.6 remote-as 200
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
neighbor 8.8.8.8 remote-as 20
neighbor 8.8.8.8 ebgp-multihop 2
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 next-hop-self
no auto-summary
R5#
R6
R6# sh run | s router bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 4.4.4.4 remote-as 300
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 5.5.5.5 remote-as 300
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
R8
R8#sh run | s router bgp
router bgp 20
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 300
bgp confederation peers 10 400
network 8.8.8.8 mask 255.255.255.255
network 192.168.89.0
redistribute connected
neighbor 5.5.5.5 remote-as 10
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
neighbor 9.9.9.9 remote-as 20
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 next-hop-self
no auto-summary
R9
router bgp 20
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 300
bgp confederation peers 10 200 400
network 9.9.9.9 mask 255.255.255.255
redistribute connected
neighbor 8.8.8.8 remote-as 20
neighbor 8.8.8.8 update-source Loopback0
no auto-summary
R9#
Here is the show ip bgp output from R9 and R6:
R9#show ip bgp
BGP table version is 36, local router ID is 9.9.9.9
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 8.8.8.8 0 100 0 (10) ?
*>i5.5.5.0/24 8.8.8.8 0 100 0 (10) ?
*>i6.6.6.6/32 8.8.8.8 0 100 0 (10) 200 ?
*>i8.8.8.0/24 8.8.8.8 0 100 0 ?
*> 9.9.9.0/24 0.0.0.0 0 32768 ?
*>i192.168.24.0 8.8.8.8 0 100 0 (10) ?
*>i192.168.34.0 8.8.8.8 0 100 0 (10) ?
*>i192.168.45.0 8.8.8.8 0 100 0 (10) ?
*>i192.168.46.0 8.8.8.8 0 100 0 (10) ?
*>i192.168.56.0 8.8.8.8 0 100 0 (10) ?
*>i192.168.58.0 8.8.8.8 0 100 0 ?
*>i192.168.67.0 8.8.8.8 0 100 0 (10) 200 ?
*> 192.168.89.0 0.0.0.0 0 32768 ?
* i 8.8.8.8 0 100 0 i
*> 192.168.109.0 0.0.0.0 0 32768 ?
————————————————————————————————-
R6#sh ip bgp
BGP table version is 34, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
* 4.4.4.0/24 5.5.5.5 0 300 ?
*> 4.4.4.4 0 0 300 ?
* 5.5.5.0/24 4.4.4.4 0 300 ?
*> 5.5.5.5 0 0 300 ?
*> 6.6.6.6/32 0.0.0.0 0 32768 ?
* 8.8.8.0/24 4.4.4.4 0 300 ?
*> 5.5.5.5 0 300 ?
* 9.9.9.0/24 4.4.4.4 0 300 ?
*> 5.5.5.5 0 300 ?
* 192.168.24.0 5.5.5.5 0 300 ?
*> 4.4.4.4 0 0 300 ?
* 192.168.34.0 5.5.5.5 0 300 ?
*> 4.4.4.4 0 0 300 ?
* 192.168.45.0 5.5.5.5 0 0 300 ?
*> 4.4.4.4 0 0 300 ?
* 192.168.46.0 5.5.5.5 0 300 ?
* 4.4.4.4 0 0 300 ?
*> 0.0.0.0 0 32768 ?
* 192.168.56.0 4.4.4.4 0 300 ?
* 5.5.5.5 0 0 300 ?
*> 0.0.0.0 0 32768 ?
*> 192.168.58.0 4.4.4.4 0 300 ?
* 5.5.5.5 0 0 300 ?
*> 192.168.67.0 0.0.0.0 0 32768 ?
* 192.168.89.0 4.4.4.4 0 300 i
*> 5.5.5.5 0 300 i
* 192.168.109.0 4.4.4.4 0 300 ?
*> 5.5.5.5 0 300 ?
R6#
R6#
R6#
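How the Path values in the two tables above come about, as an added example that is not part of the original post: a small model of the RFC 5065 AS_PATH rules, walked along this topology. It reproduces "(10) 200" for R6's route as seen on R9 and "300" for R9's route as seen on R6, which shows that the member AS numbers 10 and 20 never reach the external peer. The function names and the segment representation are assumptions made for the example.

```python
CONFED_ID = 300  # "bgp confederation identifier 300" on R4, R5, R8 and R9

def advertise(path, local_as, peer_as, confed_peers=(), confed_id=None):
    """Return the AS_PATH a router sends to peer_as (RFC 5065 rules).

    path is a list of ("confed" | "seq", [asn, ...]) segments.
    """
    if peer_as == local_as:
        return path  # iBGP: the AS_PATH is not modified
    if confed_id is not None and peer_as in confed_peers:
        # Peer in another member AS: prepend own member AS as AS_CONFED_SEQUENCE
        if path and path[0][0] == "confed":
            return [("confed", [local_as] + path[0][1])] + path[1:]
        return [("confed", [local_as])] + path
    # True external peer: drop confederation segments, expose only the public AS
    public = confed_id if confed_id is not None else local_as
    rest = [seg for seg in path if seg[0] != "confed"]
    if rest and rest[0][0] == "seq":
        return [("seq", [public] + rest[0][1])] + rest[1:]
    return [("seq", [public])] + rest

def show(path):
    """Format like the Path column of 'show ip bgp' (confed part in parentheses)."""
    parts = []
    for kind, asns in path:
        text = " ".join(str(a) for a in asns)
        parts.append(f"({text})" if kind == "confed" else text)
    return " ".join(parts)

def r6_route_seen_on_r9():
    p = advertise([], 200, 300)                    # R6 -> R5, R6 only knows AS 300
    p = advertise(p, 10, 20, {20, 400}, CONFED_ID)  # R5 -> R8, confederation peer
    p = advertise(p, 20, 20, {10, 400}, CONFED_ID)  # R8 -> R9, iBGP
    return show(p)

def r9_route_seen_on_r6():
    p = advertise([], 20, 20, {10, 200, 400}, CONFED_ID)  # R9 -> R8, iBGP
    p = advertise(p, 20, 10, {10, 400}, CONFED_ID)        # R8 -> R5, confederation peer
    p = advertise(p, 10, 200, {20, 400}, CONFED_ID)       # R5 -> R6, external peer
    return show(p)

if __name__ == "__main__":
    print(r6_route_seen_on_r9())
    print(r9_route_seen_on_r6())
```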
11 Wednesday Apr 2012
Posted in Cisco
When BGP peers with an external BGP neighbor (EGP), the routes still appear with IGP origin (i).
R4#sh run | s router bgp
router bgp 300
no synchronization
bgp log-neighbor-changes
network 192.168.46.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 2.2.2.2 route-map ORIGIN in
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
R4#sh ip bgp
BGP table version is 16, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.2.2/32 3.3.3.3 2 0 100 i <==== IGP Origin
*> 2.2.2.2 2 0 100 ?
* 192.168.12.0 3.3.3.3 2 0 100 ?
*> 2.2.2.2 0 0 100 ?
*> 192.168.13.0 3.3.3.3 0 0 100 ?
* 2.2.2.2 2 0 100 ?
*> 192.168.46.0 0.0.0.0 0 32768 i
We need to add a route-map that marks the routes learned from these neighbors as origin EGP:
R4#sh run | s access-list
access-list 10 permit 1.1.2.2
access-list 10 permit any
R4#sh run | s route-map
route-map ORIGIN permit 10
match ip address 10
set origin egp 100
Then apply it in the BGP router configuration:
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router bgp 300
R4(config-router)# neighbor 2.2.2.2 route-map ORIGIN in
R4(config-router)#neighbor 3.3.3.3 route-map ORIGIN in
R4#sh ip
*Mar 1 00:44:03.439: %SYS-5-CONFIG_I: Configured from console by console
R4#sh ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.2.2/32 3.3.3.3 2 0 100 e <== Now E-BGP
*> 2.2.2.2 2 0 100 e
*> 192.168.46.0 0.0.0.0 0 32768 i
The 192.168.46.0 route still has IGP origin (i) because it is advertised locally.
Run show ip bgp for 1.1.2.2 to verify:
R4#sh ip bgp 1.1.2.2
BGP routing table entry for 1.1.2.2/32, version 2
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
2
100
3.3.3.3 from 3.3.3.3 (3.3.3.3)
Origin EGP, metric 2, localpref 100, valid, external
100
2.2.2.2 from 2.2.2.2 (2.2.2.2)
Origin EGP, metric 2, localpref 100, valid, external, best
The origin is now EGP for 1.1.2.2.