
Thursday, September 01, 2016

Nokia-Juniper-Cisco Part- 3 - BGP-4 Routing Protocol Configuration

1. Overview

Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol – RFC 4271
Figure 1 - NJC BGP Part
BGP provides reachability information to external networks by enabling the exchange of routing information between ASes so that data can flow between them. Routing information exchanged via BGP supports only the destination-based forwarding paradigm, which assumes that a router forwards a packet based solely on the destination address carried in the IP header of the packet.
BGP uses TCP port 179 as its transport protocol. A TCP connection is formed between two systems, which then exchange messages to open the session and confirm the connection parameters. The initial data flow is the portion of the BGP routing table that is allowed by the export policy, called the Adj-RIBs-Out. Incremental updates are sent as the routing tables change. BGP does not require a periodic refresh of the routing table.

1.1 Autonomous System

An Autonomous System (AS) is a set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the AS, and using an inter-AS routing protocol to determine how to route packets to other ASes. An AS is identified by either a 16-bit or a 32-bit number. The 16-bit AS number space is divided as follows:

  1. Public Autonomous System Numbers are AS numbers allocated by IANA. The range is AS 1 - AS 56319.
  2. Reserved Autonomous System Numbers are AS numbers reserved by some organizations for several reasons, including research:
    • AS 0 for non-routed networks
    • AS 23456 for 4-byte backward compatibility (known as AS_TRANSIT)
    • AS 56320 – AS 64495 reserved by IANA
    • AS 64496 – AS 64511 for documentation, books, and so on
    • AS 65535 reserved by IANA
  3. Private Autonomous System Numbers are AS numbers allocated to service providers for administering their large private local networks, range 64512 - 65534.

1.2 BGP Session Type

A peer in a different AS is referred to as an external peer, while a peer in the same AS is referred to as an internal peer. Internal BGP and external BGP are commonly abbreviated as IBGP and EBGP.
A session between 2 devices in different AS’s is referred to as an eBGP session. It is typical for devices that have an eBGP session between them to be directly connected, to share a common data link, but it is not mandatory. Because the devices are in different AS’s, the administration of each device is typically handled separately. Care must be taken to ensure that the configuration parameters match, so that the peering will succeed. eBGP can be classified into two major categories: Peering and Transit.
A session between 2 devices in the same AS is referred to as an iBGP session. It is possible for devices that have an iBGP session between them to not be directly connected. Because the devices are in the same AS, the administration of each device is typically handled by the same organization. Care must still be taken, however, to ensure that the configuration parameters match, so that the peering will succeed.

Figure 2 - iBGP and eBGP Session

1.3 BGP Operation

BGP uses unicast TCP/IP for neighbor establishment. It is possible for neighbor relationships to be established with any device that is IP-reachable. Generic TCP/IP applications use a 3-way handshake for session establishment. After the session is established, the applications exchange or negotiate a set of parameters for the session. If application-level parameters are also acceptable, a session is established at the application layer and data is exchanged. Periodic user data keeps the session alive and, when the session is to be terminated, either user input or an inactivity timeout will cause the application session to be torn down.
The complexity of BGP lies in the size of the topology and routing tables, which are much larger than in an IGP environment. The increased size of these tables means that factors such as CPU loading, memory utilization, update generation, and route processing have far greater implications in BGP.
These factors, and others, affect convergence. Convergence may be viewed in two ways. Local convergence is the time taken for a single router to receive and process all outstanding messages, and settle on a stable topology. Network convergence is the time taken for all routers in the system to settle on a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet.
To become established, a BGP session must follow the BGP Finite State Machine process. The first state is the “Idle” state. In the “Idle” state, BGP initializes all resources, refuses all inbound BGP connection attempts and initiates a TCP connection to the peer. The second state is “Connect”. In the “Connect” state, the router waits for the TCP connection to complete and transitions to the “OpenSent” state if successful. If unsuccessful, it starts the ConnectRetry timer and transitions to the “Active” state upon expiration. In the “Active” state, the router resets the ConnectRetry timer to zero and returns to the “Connect” state. In the “OpenSent” state, the router sends an Open message and waits for one in return in order to transition to the “OpenConfirm” state. Keepalive messages are exchanged and, upon successful receipt, the router is placed into the “Established” state. In the “Established” state, the router can send and receive Keepalive, Update, and Notification messages to and from its peer.
Figure 3 - BGP Finite State Machine
The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another.
Table 1 - BGP Messages Type
BGP employs five timers: ConnectRetryTimer, HoldTimer, KeepaliveTimer, MinASOriginationIntervalTimer, and MinRouteAdvertisementIntervalTimer. Two optional timers MAY also be supported by BGP: DelayOpenTimer and IdleHoldTimer. The BGP timers are explained below.
Table 3 - BGP Attributes

1.4 BGP Attribute 

After BGP establishes a session, routing updates are exchanged. Each routing update contains a prefix and metrics. In BGP, metrics are called attributes. Path attributes fall into four separate categories:

  1. Well-known mandatory.
  2. Well-known discretionary.
  3. Optional transitive.
  4. Optional non-transitive.

BGP implementations MUST recognize all well-known attributes. Some of these attributes are mandatory and MUST be included in every UPDATE message that contains NLRI. Others are discretionary and MAY or MAY NOT be sent in a particular UPDATE message. Once a BGP peer has updated any well-known attributes, it MUST pass these attributes to its peers in any updates it transmits.
Each path MAY contain one or more optional attributes also. It is not required or expected that all BGP implementations support all optional attributes. The handling of an unrecognized optional attribute is determined by the setting of the Transitive bit in the attribute flags octet. If a path with an unrecognized transitive optional attribute is accepted and passed to other BGP peers, then the unrecognized transitive optional attribute of that path MUST be passed, along with the path, to other BGP peers with the Partial bit in the Attribute Flags octet set to 1. If a path with a recognized, transitive optional attribute is accepted and passed along to other BGP peers and the Partial bit in the Attribute Flags octet is set to 1 by some previous AS, it MUST NOT be set back to 0 by the current AS. Unrecognized non-transitive optional attributes MUST be quietly ignored and not passed along to other BGP peers.
Table 3 - BGP Attributes
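The flag rules above can be made concrete with a short parser. This is an added example, not code from the original post: it decodes the Attribute Flags octet of each path attribute and applies the rules for recognised and unrecognised attributes. The sample bytes and type codes 200-202 are constructed, and the set of recognised attributes belongs to a hypothetical speaker.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Attribute Flags octet, high-order bits first (RFC 4271, section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes this hypothetical speaker implements (RFC 4271 numbering).
RECOGNISED = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
              5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR"}


@dataclass
class PathAttr:
    flags: int
    type_code: int
    value: bytes


def parse_path_attrs(buf: bytes) -> list[PathAttr]:
    """Split an UPDATE's Path Attributes field into flags/type/value triples."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = buf[i], buf[i + 1]
        if flags & EXT_LEN:                      # two-octet length field
            if len(buf) - i < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, i + 2)
            i += 4
        else:                                    # one-octet length field
            length = buf[i + 2]
            i += 3
        if i + length > len(buf):
            raise ValueError(f"attribute {type_code} overruns the field")
        attrs.append(PathAttr(flags, type_code, buf[i:i + length]))
        i += length
    return attrs


def decide(attr: PathAttr) -> tuple[str, int]:
    """Return (action, flags to use if the attribute is sent onward)."""
    if attr.type_code in RECOGNISED:
        # A Partial bit set by an earlier AS is never cleared.
        return "process", attr.flags
    if not attr.flags & OPTIONAL:
        # Well-known attributes must be recognised; RFC 4271 section 6.3
        # treats this as an UPDATE error (Unrecognized Well-known Attribute).
        return "error", attr.flags
    if attr.flags & TRANSITIVE:
        return "forward-partial", attr.flags | PARTIAL
    return "ignore", attr.flags                  # quietly dropped, not passed on


def propagate(buf: bytes) -> bytes:
    """Re-encode the attributes a speaker would pass on to its peers.

    Only the flag rules are modelled; AS_PATH/NEXT_HOP rewriting is not.
    """
    out = bytearray()
    for attr in parse_path_attrs(buf):
        action, flags = decide(attr)
        if action == "error":
            raise ValueError(f"unrecognised well-known attribute {attr.type_code}")
        if action == "ignore":
            continue
        fmt = "!BBH" if flags & EXT_LEN else "!BBB"
        out += struct.pack(fmt, flags, attr.type_code, len(attr.value)) + attr.value
    return bytes(out)


# Constructed sample: type codes 200-202 stand in for attributes unknown here.
SAMPLE = b"".join([
    b"\x40\x01\x01\x00",                      # ORIGIN = IGP
    b"\x40\x02\x04\x02\x01\xfd\xde",          # AS_PATH = AS_SEQUENCE(64990)
    b"\x40\x03\x04\x0a\x3c\x5a\x02",          # NEXT_HOP = 10.60.90.2
    b"\xe0\x07\x06\xfd\xde\xac\x31\x5a\x01",  # AGGREGATOR, Partial already set
    b"\xc0\xc8\x02\xaa\xbb",                  # unknown 200: optional transitive
    b"\x80\xc9\x01\x01",                      # unknown 201: optional non-transitive
    b"\xd0\xca\x00\x03\x01\x02\x03",          # unknown 202: transitive, ext. length
])

if __name__ == "__main__":
    for a in parse_path_attrs(SAMPLE):
        action, flags = decide(a)
        print(f"type {a.type_code:3d} flags 0x{a.flags:02x} -> {action} (0x{flags:02x})")
```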

2. Test LAB

2.1 Topology and Interface Information

Figure 4 - Topology and Interface Information
Below the Information about loopback/system IP information and AS Number:
Table 4 - Loopback Interface and AS Number Information
From the table, we can see that this lab runs 4 AS numbers on 6 routers: AS 64660 runs both iBGP and eBGP sessions, while the other AS numbers (64770, 64880, 64990) run only eBGP sessions.
Figure 5 - BGP Autonomous System Mapping
The options and known limitations of this lab test are:

  • The basic configuration is already done. If you are still unsure about interface configuration and other basic configuration, please refer to this link: http://www.achyarnurandi.net/2016/04/nokia-juniper-cisco-part-1-ospf-routing.html
  • OSPF is used as the IGP to maintain loopback/system connectivity for the iBGP sessions. OSPF configuration is not discussed here; refer to the link above for more detail.
  • The IPv4 BGP address family is used.
  • A simple policy is introduced, just to export the loopback IP networks into BGP.

2.2 Configuration

We will divide this configuration into 3 steps, because the configuration hierarchy differs slightly between products.

2.2.1 Nokia SROS BGP Hierarchical Configuration

In this step, we briefly explain the hierarchical BGP configuration of the Nokia Service Router. In Nokia SROS there is a clear demarcation between global BGP configuration, BGP group configuration and BGP neighbor configuration. The first step is to set the autonomous system under the global configuration. Below is how to set the autonomous system and router ID on a Nokia 7750 SR:

A:64660-PE1-SR# configure router
A:64660-PE1-SR>config>router# autonomous-system 64660
A:64660-PE1-SR>config>router# router-id 172.46.60.1

After setting the AS number and router ID, and making sure all the basic configuration is done, configure BGP. The first example is 64660-PE1-SR. This router runs iBGP and eBGP, where the eBGP session peers with 64490-PE1-CRS with AS number 64490. Below is the iBGP and eBGP configuration:

A:64660-PE1-SR# configure router bgp
A:64660-PE1-SR>config>router>bgp# info
----------------------------------------------
            group "eBGP-64990"
                type external
                peer-as 64990
                neighbor 10.60.90.2
                    local-address 10.60.90.1
                exit
            exit
            group "iBGP-64660"
                type internal
                peer-as 64660
                neighbor 172.46.60.2
                exit
                neighbor 172.46.60.3
                exit
            exit
            no shutdown
----------------------------------------------
A:64660-PE1-SR>config>router>bgp#

At the global level you should first define the address family; on the Nokia 7750 SR the IPv4 address family is set by default. After the global configuration, the next step is to create a BGP group, which consists of neighbors that share the same configuration. Finally, the neighbor configuration creates the BGP session with the peering device, for either the iBGP or the eBGP session to be established. Verify that BGP is established with the command “show router bgp summary”:

A:64660-PE1-SR# /show router bgp summary
===============================================================================
 BGP Router ID:172.46.60.1      AS:64660       Local AS:64660
===============================================================================
BGP Admin State         : Up          BGP Oper State              : Up
Total Peer Groups       : 2           Total Peers                 : 3
Total BGP Paths         : 11          Total Path Memory           : 2048
Total IPv4 Remote Rts   : 5           Total IPv4 Rem. Active Rts  : 3
Total McIPv4 Remote Rts : 0           Total McIPv4 Rem. Active Rts: 0
Total McIPv6 Remote Rts : 0           Total McIPv6 Rem. Active Rts: 0
Total IPv6 Remote Rts   : 0           Total IPv6 Rem. Active Rts  : 0
Total IPv4 Backup Rts   : 0           Total IPv6 Backup Rts       : 0

Total Supressed Rts     : 0           Total Hist. Rts             : 0
Total Decay Rts         : 0

Total VPN Peer Groups   : 0           Total VPN Peers             : 0
Total VPN Local Rts     : 0
Total VPN-IPv4 Rem. Rts : 0           Total VPN-IPv4 Rem. Act. Rts: 0
Total VPN-IPv6 Rem. Rts : 0           Total VPN-IPv6 Rem. Act. Rts: 0
Total VPN-IPv4 Bkup Rts : 0           Total VPN-IPv6 Bkup Rts     : 0

Total VPN Supp. Rts     : 0           Total VPN Hist. Rts         : 0
Total VPN Decay Rts     : 0

Total L2-VPN Rem. Rts   : 0           Total L2VPN Rem. Act. Rts   : 0
Total MVPN-IPv4 Rem Rts : 0           Total MVPN-IPv4 Rem Act Rts : 0
Total MDT-SAFI Rem Rts  : 0           Total MDT-SAFI Rem Act Rts  : 0
Total MSPW Rem Rts      : 0           Total MSPW Rem Act Rts      : 0
Total RouteTgt Rem Rts  : 0           Total RouteTgt Rem Act Rts  : 0
Total McVpnIPv4 Rem Rts : 0           Total McVpnIPv4 Rem Act Rts : 0
Total MVPN-IPv6 Rem Rts : 0           Total MVPN-IPv6 Rem Act Rts : 0
Total EVPN Rem Rts      : 0           Total EVPN Rem Act Rts      : 0
Total FlowIpv4 Rem Rts  : 0           Total FlowIpv4 Rem Act Rts  : 0
Total FlowIpv6 Rem Rts  : 0           Total FlowIpv6 Rem Act Rts  : 0

===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
                   AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
10.60.90.2
                64990      12    0 00h01m09s 1/1/6 (IPv4)
                           17    0
172.46.60.2
                64660      10    0 00h03m01s 2/1/2 (IPv4)
                           12    0
172.46.60.3
                64660      12    0 00h03m42s 2/1/2 (IPv4)
                           15    0
-------------------------------------------------------------------------------
A:64660-PE1-SR#

The configuration is the same on 64770-PE1-SR, which only uses eBGP to connect to AS 64660:
A:64770-PE1-SR# configure router bgp
A:64770-PE1-SR>config>router>bgp# info
----------------------------------------------
            group "eBGP-64660"
                type external
                peer-as 64660
                neighbor 10.60.70.1
                    local-address 10.60.70.2
                exit
            exit
            no shutdown
----------------------------------------------
A:64770-PE1-SR>config>router>bgp#
When creating a group for an eBGP session, it is mandatory to define the remote AS number under the group context. In the BGP summary, the AS number is shown next to the neighbor IP:
A:64770-PE1-SR# /show router bgp summary

... Output omitted...
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
                   AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
10.60.70.1
                64660      40    0 00h06m34s 5/5/6 (IPv4)
                           24    0
-------------------------------------------------------------------------------
A:64770-PE1-SR#
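
The summary check can be automated so that a missing, unexpected or non-established peer is flagged. This is an added example, not part of the original lab: it parses the neighbor table of “show router bgp summary” as printed above for 64660-PE1-SR and compares it with the peers configured on that router. The second input is a constructed variation, and the code assumes that a peer which is not established shows its state name (here Active) in the State|Rcv/Act/Sent column.

```python
import re

NEIGHBOR = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s*$")
# AS, PktRcvd, InQ, Up/Down, then Rcv/Act/Sent counters or a state name.
STATS = re.compile(r"^\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S.*?)\s*$")
COUNTERS = re.compile(r"^\d+/\d+/\d+\b")

# Neighbor table copied from the 64660-PE1-SR output above.
PAGE_OUTPUT = """\
Neighbor
Description
                   AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
10.60.90.2
                64990      12    0 00h01m09s 1/1/6 (IPv4)
                           17    0
172.46.60.2
                64660      10    0 00h03m01s 2/1/2 (IPv4)
                           12    0
172.46.60.3
                64660      12    0 00h03m42s 2/1/2 (IPv4)
                           15    0
-------------------------------------------------------------------------------
"""

# Constructed variation: one iBGP peer stuck in Active, one peer nobody configured.
DRIFTED = PAGE_OUTPUT.replace("00h03m42s 2/1/2 (IPv4)", "00h03m42s Active") + (
    "10.60.99.2\n"
    "                64512       9    0 00h00m30s 4/4/0 (IPv4)\n"
    "                           11    0\n"
)

# Peers and peer AS numbers taken from the group configuration of 64660-PE1-SR.
EXPECTED = {"10.60.90.2": 64990, "172.46.60.2": 64660, "172.46.60.3": 64660}


def parse_summary(text):
    """Return {neighbor address: details} from the three-line-per-peer table."""
    peers, current = {}, None
    for line in text.splitlines():
        m = NEIGHBOR.match(line)
        if m:                      # address line starts a new peer record
            current = m.group(1)
            continue
        m = STATS.match(line)
        if m and current:          # first statistics line of that peer
            state = m.group(5)
            peers[current] = {
                "as": int(m.group(1)),
                "pkt_rcvd": int(m.group(2)),
                "updown": m.group(4),
                "state": state,
                "established": bool(COUNTERS.match(state)),
            }
            current = None         # the PktSent/OutQ line is not needed here
    return peers


def audit(peers, expected):
    """Compare parsed peers with the expected inventory; return findings."""
    findings = []
    for addr, asn in expected.items():
        peer = peers.get(addr)
        if peer is None:
            findings.append((addr, "configured peer missing from summary"))
        elif peer["as"] != asn:
            findings.append((addr, f"peer AS {peer['as']}, expected {asn}"))
        elif not peer["established"]:
            findings.append((addr, f"not established: {peer['state']}"))
    for addr, peer in peers.items():
        if addr not in expected:
            findings.append((addr, f"unexpected peer in AS {peer['as']}"))
    return findings


if __name__ == "__main__":
    for label, text in (("page output", PAGE_OUTPUT), ("drifted", DRIFTED)):
        print(label, audit(parse_summary(text), EXPECTED) or "OK")
```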

2.2.2 Juniper JUNOS BGP Hierarchical Configuration

BGP configuration on Juniper is almost the same as on the Nokia 7750 SR; I think the difference is just syntax or semantics. The AS number and router ID are defined under the routing-options context:
root@64660-PE2-MX> show configuration routing-options | display set
set routing-options router-id 172.46.60.2
set routing-options autonomous-system 64660
The AS number may also be configured under a neighbor using the command local-as, and local-address should be configured so that the update source is the loopback IP. Below is the iBGP and eBGP group configuration on the Juniper MX:
root@64660-PE2-MX> show configuration protocols bgp
family inet {
    unicast;
}
group iBGP-64660 {
    type internal;
    local-address 172.46.60.2;
    neighbor 172.46.60.1;
    neighbor 172.46.60.3;
}
group eBGP-64770 {
    type external;
    peer-as 64770;
    neighbor 10.60.70.2 {
        local-address 10.60.70.1;
    }
}

root@64660-PE2-MX>
In the eBGP group configuration, local-address is set to the Juniper interface address, which is used as the update source towards the peering AS device. After configuring, you can run the command “show bgp summary”:
root@64660-PE2-MX> show bgp summary
Groups: 2 Peers: 3 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       5          3          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.60.70.2            64770         37         43       0       0       16:01 1/1/1/0              0/0/0/0
172.46.60.1           64660         90        108       0       3       42:06 1/2/2/0              0/0/0/0
172.46.60.3           64660        342        380       0       0     2:47:15 1/2/2/0              0/0/0/0

root@64660-PE2-MX>

2.2.3 Cisco IOS-XR BGP Hierarchical Configuration

From my view, Cisco has a uniquely different BGP configuration; maybe I am just used to Nokia and Juniper routers, so I am surprised when configuring Cisco IOS-XR. Its BGP configuration is also hierarchical; the difference comes with the configuration groups, as follows:
  • Af-group groups address-family configuration.
  • Session-group groups BGP session-specific configuration.
  • Neighbor-group allows grouping and reuse of neighbor-specific configuration.
A group means something different on Cisco than on Juniper and Nokia: Cisco groups are templates that simplify configuration. The BGP configuration on Cisco IOS-XR follows (I use 64660-PE3-CRS):
RP/0/0/CPU0:64660-PE3-CRS#sh run router bgp
Sun Aug  7 07:33:58.134 UTC
router bgp 64660
 bgp router-id 172.46.60.3
 address-family ipv4 unicast
!
 session-group eBGP-Peer
  remote-as 64880
  update-source GigabitEthernet0/0/0/1
 !
 session-group iBGP-64660
  remote-as 64660
  update-source Loopback0
 !
 neighbor-group eBGP-64880
  use session-group eBGP-Peer
  address-family ipv4 unicast
 !
 neighbor-group iBGP-64660
  use session-group iBGP-64660
  address-family ipv4 unicast
   next-hop-self
   soft-reconfiguration inbound always
  !
 !
 neighbor 10.60.80.2
  use neighbor-group eBGP-64880
  !
 !
 neighbor 172.46.60.1
  use neighbor-group iBGP-64660
 !
 neighbor 172.46.60.2
  use neighbor-group iBGP-64660
 !
!

RP/0/0/CPU0:64660-PE3-CRS#
As Cisco says, configuration groups such as session-group and neighbor-group are used to simplify configuration. It seems you just call the template under the neighbor configuration to make it run. The mandatory items when configuring BGP on Cisco IOS-XR are as follows:
  • The address family is required in the BGP global configuration.
  • The AS number is configured when you create the BGP configuration with “router bgp <as number>”.
  • The BGP router ID is configured under the BGP global configuration.
After configuring, run the command show bgp summary to verify that BGP is established:
RP/0/0/CPU0:64660-PE3-CRS#show bgp summary
Sun Aug  7 07:53:09.515 UTC
BGP router identifier 172.46.60.3, local AS number 64660
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000   RD version: 41
BGP main routing table version 41
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.


Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker              41         41         41         41          41          41

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
10.60.80.2        0 64880     661     616       41    0    0 04:56:33          1
172.46.60.1       0 64660     573     596       41    0    0 00:43:26          2
172.46.60.2       0 64660     670     601       41    0    0 04:56:31          2

RP/0/0/CPU0:64660-PE3-CRS#

2.3 Simple Policy Routing in BGP

As a reminder, the BGP sessions are now established, but no prefixes are advertised or installed in the routing table yet. BGP uses export policies to redistribute prefixes from other routing protocols into BGP. To achieve this, a BGP routing policy is needed.

2.3.1 Nokia SROS BGP Routing Policy Configuration

Nokia SROS routing policy is configured under configure router policy-options. In this lab 2 policy statements are used: the first policy advertises the system loopback IP into BGP, and the second policy limits the prefixes advertised to the eBGP peer. The commands are as follows:
A:64660-PE1-SR# configure router policy-options
A:64660-PE1-SR>config>router>policy-options# info
----------------------------------------------
            prefix-list "64660-loopback"
                prefix 172.46.60.1/32 exact
                prefix 172.46.60.2/32 exact
                prefix 172.46.60.3/32 exact
                prefix 172.47.70.1/32 exact
                prefix 172.48.80.1/32 exact
            exit
            prefix-list "internal-looback"
                prefix 172.46.60.1/32 exact
            exit
            policy-statement "export-loopback"
                entry 10
                    from
                        protocol direct
                        prefix-list "internal-looback"
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            policy-statement "export-to-64990"
                entry 10
                    from
                        prefix-list "64660-loopback"
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
----------------------------------------------
A:64660-PE1-SR>config>router>policy-options#

After a policy is created, it must be activated by applying it under the BGP configuration:
A:64660-PE1-SR>configure router bgp
A:64660-PE1-SR>config>router>bgp# info
----------------------------------------------
            export "export-loopback"
            local-as 64660
            group "eBGP-64990"
                ...Output omitted...
                export "export-to-64990"
                ...Output omitted...
            exit
            group "iBGP-64660"
                next-hop-self
                ...Output omitted...
            exit
            no shutdown
----------------------------------------------
A:64660-PE1-SR>config>router>bgp#
Next-hop-self is used when prefixes learned from eBGP are advertised to iBGP: the next hop is changed to the router's system/loopback IP, because as a best current practice the point-to-point interfaces are not advertised into BGP. To verify the prefixes installed in the local RIB:
A:64660-PE1-SR# show router bgp routes
===============================================================================
 BGP Router ID:172.46.60.1      AS:64660       Local AS:64660
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     Label
      As-Path
-------------------------------------------------------------------------------
*i    172.46.60.2/32                                     100         None
      172.46.60.2                                        None        -
      No As-Path
*i    172.46.60.3/32                                     100         0
      172.46.60.3                                        None        -
      No As-Path
u*>i  172.47.70.1/32                                     100         None
      172.46.60.2                                        None        -
      64770
u*>i  172.48.80.1/32                                     100         None
      172.46.60.3                                        None        -
      64880
u*>i  172.49.90.1/32                                     None        0
      10.60.90.2                                         None        -
      64990
-------------------------------------------------------------------------------
Routes : 5
===============================================================================
A:64660-PE1-SR#
To check the routes advertised to and received from a neighbor, use the following commands:
A:64660-PE1-SR# show router bgp neighbor 172.46.60.2 advertised-routes
===============================================================================
 BGP Router ID:172.46.60.1      AS:64660       Local AS:64660
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     Label
      As-Path
-------------------------------------------------------------------------------
i     172.46.60.1/32                                     100         None
      172.46.60.1                                        None        -
      No As-Path
i     172.49.90.1/32                                     100         0
      172.46.60.1                                        None        -
      64990
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
A:64660-PE1-SR# show router bgp neighbor 172.46.60.2 received-routes
===============================================================================
 BGP Router ID:172.46.60.1      AS:64660       Local AS:64660
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     Label
      As-Path
-------------------------------------------------------------------------------
*i    172.46.60.2/32                                     100         None
      172.46.60.2                                        None        -
      No As-Path
u*>i  172.47.70.1/32                                     100         None
      172.46.60.2                                        None        -
      64770
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
A:64660-PE1-SR#

2.3.2 Juniper JUNOS BGP Routing Policy Configuration

Juniper JUNOS follows the same concept as Nokia SROS: BGP policy is configured under policy-options.
root@64660-PE2-MX# top edit policy-options

[edit policy-options]
root@64660-PE2-MX# show
prefix-list internal-looback {
    172.46.60.2/32;
}
prefix-list from-64770 {
    172.47.70.1/32;
}
prefix-list loopback-to-64470 {
    172.46.60.1/32;
    172.46.60.2/32;
    172.46.60.3/32;
}
policy-statement export-loopback {
    from {
        protocol direct;
        prefix-list internal-looback;
    }
    then accept;
}
policy-statement export-to-64770 {
    term 1 {
        from {
            prefix-list loopback-to-64470;
        }
        then accept;
    }
}
policy-statement nhs-for-64770 {
    term nhs {
        from {
            prefix-list from-64770;
        }
        then {
            next-hop self;
        }
    }
}

[edit policy-options]
root@64660-PE2-MX#
There are 3 policies in Juniper JUNOS: the first policy (orange) exports the Juniper loopback, the second policy (purple) makes PE2 act as the next hop for prefixes received from eBGP (AS 64770), and the last policy exports prefixes from iBGP out to eBGP. After creating the policies, apply them under the BGP group configuration as follows:
[edit policy-options]
root@64660-PE2-MX# top edit protocols bgp

[edit protocols bgp]
root@64660-PE2-MX# show
...Output omitted...
}
group iBGP-64660 {
    ...Output omitted...
    export [ nhs-for-64770 export-loopback ];
    ...Output omitted...
}
group eBGP-64770 {
    ...Output omitted...
    export export-to-64770;
    ...Output omitted...
    }
}

[edit protocols bgp]
root@64660-PE2-MX#
The loopback advertisement policy and the next-hop-self policy are configured under the iBGP group, while the policy for prefixes advertised from inside the AS is configured under the eBGP group.

2.3.3 Cisco IOS-XR BGP Routing Policy Configuration

Cisco IOS-XR has a special command to export the loopback IP into BGP, called redistribute, but in this case the export/redistribution is done simply with the command network <ip-address>/<prefix> under the address-family configuration in the BGP global configuration:
RP/0/0/CPU0:64660-PE3-CRS#show run router bgp
Sun Aug  7 10:39:12.353 UTC
router bgp 64660
 bgp router-id 172.46.60.3
 address-family ipv4 unicast
  network 172.46.60.3/32
 !
...Output omitted...
The policy concern in this lab arises when using eBGP. When eBGP is implemented on Cisco IOS-XR, the default action when no inbound and outbound policy is configured is that all prefixes are dropped. For the router to advertise and receive prefixes, a policy must be implemented in Cisco IOS-XR.
prefix-set incoming-loopback
  172.48.80.1
end-set
!
prefix-set outgoing-loopback
  172.46.60.1/32,
  172.46.60.3/32,
  172.46.60.3/32,
  172.49.90.1/32,
  172.47.70.1/32
end-set
!
rpl editor nano
!
route-policy incoming-allow
  if destination in incoming-loopback then
    pass
  endif
end-policy
!
!
route-policy outgoing-allow
  if destination in outgoing-loopback then
    pass
  endif
end-policy
!
The policy is implemented as 2 functions: the purple one for outbound and the pink one for inbound. The policies are applied under the address-family of the eBGP neighbor peering.
!
 neighbor-group eBGP-64880
  use session-group eBGP-Peer
  address-family ipv4 unicast
   route-policy incoming-allow in
   route-policy outgoing-allow out
  !
 !
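
The allow-list behaviour of these two policies can be checked offline before they are applied. This is an added example, not part of the original lab or of Cisco's tooling: it parses the prefix-set and route-policy text from the listing above and evaluates candidate routes, assuming that a bare address in a prefix-set is a /32 host entry and that a route the policy never passes is dropped. The function names and the candidate routes are constructed for illustration.

```python
import ipaddress
import re

# Prefix sets and policies as listed above for 64660-PE3-CRS.
CONFIG = """\
prefix-set incoming-loopback
  172.48.80.1
end-set
!
prefix-set outgoing-loopback
  172.46.60.1/32,
  172.46.60.3/32,
  172.46.60.3/32,
  172.49.90.1/32,
  172.47.70.1/32
end-set
!
route-policy incoming-allow
  if destination in incoming-loopback then
    pass
  endif
end-policy
!
route-policy outgoing-allow
  if destination in outgoing-loopback then
    pass
  endif
end-policy
"""


def parse_prefix_sets(config):
    """Return {set name: [IPv4Network, ...]}, keeping duplicates and order."""
    sets, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("prefix-set "):
            name = line.split()[1]
            sets[name] = []
        elif line == "end-set":
            name = None
        elif name and line not in ("", "!"):
            entry = line.rstrip(",").strip()
            if " " in entry:  # ge/le/eq modifiers are not used on this page
                raise ValueError(f"unsupported prefix-set entry: {entry}")
            # Assumption: a bare address is a host entry (exact /32 match).
            sets[name].append(
                ipaddress.ip_network(entry if "/" in entry else entry + "/32"))
    return sets


def parse_policies(config):
    """Return {policy name: prefix-set tested} for single-branch policies."""
    policies, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("route-policy "):
            name = line.split()[1]
        elif line == "end-policy":
            name = None
        elif name:
            m = re.fullmatch(r"if destination in (\S+) then", line)
            if m:
                policies[name] = m.group(1)
    return policies


def verdicts(config, policy, routes):
    """Evaluate routes against one policy: pass on exact match, else drop."""
    allowed = set(parse_prefix_sets(config)[parse_policies(config)[policy]])
    return {r: "pass" if ipaddress.ip_network(r) in allowed else "drop"
            for r in routes}


def duplicate_entries(config):
    """Return {set name: [entries listed more than once]}."""
    dupes = {}
    for name, nets in parse_prefix_sets(config).items():
        seen, repeated = set(), []
        for net in nets:
            if net in seen and str(net) not in repeated:
                repeated.append(str(net))
            seen.add(net)
        if repeated:
            dupes[name] = repeated
    return dupes


if __name__ == "__main__":
    # Constructed candidate routes: lab loopbacks, a covering /24 and a default.
    out = ["172.46.60.1/32", "172.46.60.2/32", "172.46.60.3/32",
           "172.46.60.0/24", "0.0.0.0/0"]
    print(verdicts(CONFIG, "outgoing-allow", out))
    print(verdicts(CONFIG, "incoming-allow", ["172.48.80.1/32", "172.48.80.0/24"]))
    print(duplicate_entries(CONFIG))
```

Run against the listing as published, it reports 172.46.60.3/32 twice in outgoing-loopback and drops 172.46.60.2/32 outbound, because that prefix is not in the set.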
The next-hop policy is configured under the address-family in the iBGP neighbor group, and soft-reconfiguration inbound always is set in order to see which prefixes are received from the BGP neighbor.
!
 neighbor-group iBGP-64660
  use session-group iBGP-64660
  address-family ipv4 unicast
   next-hop-self
   soft-reconfiguration inbound always
  !
 !

2.4 Reachability Testing

In this step, the nodes under test are chosen randomly. I will test a ping from 64770-PE1-SR to 64880-PE2-MX, and a ping from 64660-PE2-MX to 64990-PE1-CRS. The test flow is as follows:
Figure 6 - Reachability Testing Topology

2.4.1 Ping test from 64770-PE1-SR to 64880-PE2-MX

Before the ping test, it should be verified that the loopback of 64880-PE1-MX is present on 64770-PE1-SR. Below is the verification on 64770-PE1-SR:
A:64770-PE1-SR# show router route-table 172.48.80.1/32

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.48.80.1/32                                Remote  BGP       00h41m35s  170
       10.60.70.1                                                   0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================
A:64770-PE1-SR# show router bgp routes 172.48.80.1/32
===============================================================================
 BGP Router ID:172.47.70.1      AS:64770       Local AS:64770
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     Label
      As-Path
-------------------------------------------------------------------------------
u*>i  172.48.80.1/32                                     None        None
      10.60.70.1                                         None        -
      64660 64880
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
A:64770-PE1-SR#
From the output above, prefix 172.48.80.1/32 comes from AS 64880 and passes through AS 64660 to reach this AS (AS 64770). Reachability test using the ping application:
A:64770-PE1-SR# ping 172.48.80.1 source 172.47.70.1 count 3
PING 172.48.80.1 56 data bytes
64 bytes from 172.48.80.1: icmp_seq=1 ttl=62 time=17.0ms.
64 bytes from 172.48.80.1: icmp_seq=2 ttl=62 time=17.6ms.
64 bytes from 172.48.80.1: icmp_seq=3 ttl=62 time=15.5ms.

---- 172.48.80.1 PING Statistics ----
3 packets transmitted, 3 packets received, 0.00% packet loss
round-trip min = 15.5ms, avg = 16.7ms, max = 17.6ms, stddev = 0.902ms
A:64770-PE1-SR#

2.4.2 Ping test from 64660-PE2-MX to 64990-PE1-CRS

Verify that the prefix from 64990-PE1-CRS is received on 64660-PE2-MX with the command below:
[edit]
root@64660-PE2-MX# run show route protocol bgp 172.49.90.1/32

inet.0: 15 destinations, 17 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.49.90.1/32     *[BGP/170] 00:25:03, MED 0, localpref 100, from 172.46.60.1
                      AS path: 64990 I, validation-state: unverified
                    > to 10.6.60.1 via ge-0/0/0.0

[edit]
root@64660-PE2-MX#
Then run the ping test:
root@64660-PE2-MX# run ping 172.49.90.1 source 172.46.60.2 count 3
PING 172.49.90.1 (172.49.90.1): 56 data bytes
64 bytes from 172.49.90.1: icmp_seq=0 ttl=254 time=12.368 ms
64 bytes from 172.49.90.1: icmp_seq=1 ttl=254 time=11.909 ms
64 bytes from 172.49.90.1: icmp_seq=2 ttl=254 time=13.697 ms

--- 172.49.90.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 11.909/12.658/13.697/0.758 ms

[edit policy-options policy-statement export-to-64770 term 1]
root@64660-PE2-MX#
From the test, the control-plane flow of our test looks like the picture below:
Figure 7 - BGP AS Path Verification Related Reachability Test
The reachability test was documented in a video as follows:

I share the syntax and semantics on GitHub. Please refer to this link for the code:


3. Reference

  • Juniper Networks. 2013. JNCIS-SP Study Guide, Part 1. Juniper Networks
  • Mobeen Tahir, Mark Ghattas, Dawit Birhanu, Syed Natif Nawaz. 2009. Cisco IOS XR Fundamentals. Indianapolis: Cisco Press
  • RFC 4271 - A Border Gateway Protocol 4 (BGP-4)
  • RFC 1930 - Guidelines for creation, selection, and registration of an Autonomous System (AS)
  • Warnock Glenn, Ghafary Mira, Ghassan Shaheen. 2015. Alcatel-Lucent Service Routing Architect Self-Study Guide: Preparing for the BGP, VPRN and Multicast Exam. Indianapolis: Wiley
