Build the ISP Backbone with iBGP
Download Lab: EVE-NG
Image needed:
Cisco IOL i86bi_LinuxL3-AdvEnterpriseK9-M2_157_3_May_2018.bin
Introduction:
This is the first lab that reflects the idea behind the name of this blog, "labsproject.net": I want to engage people who study network engineering in a game where they pretend to be working on a real project for a company. The labs I am creating under this title are complex and built on a stack of many technologies and concepts; they are ideal for studying, understanding and practicing, as well as for troubleshooting problems on large networks. This particular lab is about the BGP routing protocol, used to build the ISP backbone network. Before BGP is implemented in this topology, a lot of underlying mechanisms have to be enabled to provide the environment for BGP to run its functions and connect the autonomous systems into one cohesive data cloud for packets to flow through. The topology is built with the idea that the core of the network should be BGP-free, meaning that this routing protocol does not run at the center of the infrastructure and another method of packet switching has to be involved. Yes, I am talking about MPLS, which runs on this network, and not as one instance for the entire topology: there are three instances of MPLS, one for each section of the backbone network, because this lab is also about BGP confederations and route reflectors within each confederation autonomous system providing redundant connections. To connect the PE routers to the RR routers within each iBGP cloud, integrated IS-IS is configured to assist MPLS in its packet switching by providing routing information for the loopback interface subnets of the PE and RR routers, which BGP in turn uses for its neighborships and updates.
About downloadable zip file:
After you upload this project, you will have two labs. One is a completely finished lab: IPv4, IS-IS, MPLS and, in particular, BGP are already configured. You can use this lab to study the topology and understand how BGP is implemented, and also to modify the design by introducing different routing policies. For example, all IPv4 BGP prefixes coming into the ISP's AS from all neighbors have the origin "incomplete"; you can use a route-map to prohibit those prefixes from entering the ISP's AS, then change the origin to "igp" in all peering autonomous systems, which will allow those routes to appear in the ISP's BGP table again. In the second lab everything is configured except BGP, and you have to go through these tasks: configure iBGP, BGP confederation, route reflectors, eBGP between the confederation autonomous systems, and eBGP between the ISP and its customers.
Lab goals:
To successfully complete this lab you have to follow these rules:
1. Within AS100, all routers participating in BGP have to be configured using BGP template peer-session and template peer-policy.
2. The BGP confederation configuration has to be implemented.
3. There are 3 distinct parts of the network; in each part, configure the iBGP cloud starting with the route reflectors, then have the PE routers establish iBGP sessions to the RRs.
4. OSPF is running on the links between the BGP confederations; use OSPF's routing information to configure eBGP between confederations.
5. Configure eBGP with the ISP's customers; each customer is connected to a POP location where two routers provide redundancy.
6. All BGP neighborships have to be established using the Loopback100 interfaces.
Topology:
Configuration examples:
Route reflector in the confederation 64701:
router bgp 64701
 template peer-policy policy-top
 exit-peer-policy
 !
 template peer-policy ROUTE_REFLECT
  route-reflector-client
  inherit peer-policy policy-top 10
 exit-peer-policy
 !
 template peer-session bgp-top
  update-source Loopback100
  timers 10 30
 exit-peer-session
 !
 template peer-session iBGP
  remote-as 64701
  inherit peer-session bgp-top
 exit-peer-session
 !
 template peer-session iBGP_AUTH
  password cisco
  inherit peer-session iBGP
 exit-peer-session
 !
 bgp router-id 20.0.1.45
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 64702
 neighbor 20.0.1.15 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.15 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.16 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.16 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.21 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.21 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.22 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.22 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.23 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.23 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.24 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.24 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.25 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.25 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.26 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.26 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.27 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.27 inherit peer-policy ROUTE_REFLECT
 neighbor 20.0.1.28 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.28 inherit peer-policy ROUTE_REFLECT
Provider edge router bordering with another confederation:
router bgp 64701
 template peer-policy policy-top
 exit-peer-policy
 !
 template peer-policy NEXT_HOP_SELF
  next-hop-self
  inherit peer-policy policy-top 10
 exit-peer-policy
 !
 template peer-policy CONFEDERATION_EBGP
  next-hop-self
 exit-peer-policy
 !
 template peer-policy eBGP_PEERS
  inherit peer-policy CONFEDERATION_EBGP 10
 exit-peer-policy
 !
 template peer-session bgp-top
  update-source Loopback100
  timers 10 30
 exit-peer-session
 !
 template peer-session iBGP
  remote-as 64701
  inherit peer-session bgp-top
 exit-peer-session
 !
 template peer-session iBGP_AUTH
  password cisco
  inherit peer-session iBGP
 exit-peer-session
 !
 template peer-session eBGP
  remote-as 64702
  ttl-security hops 2
  inherit peer-session bgp-top
 exit-peer-session
 !
 template peer-session eBGP_AUTH
  password ciscoebgp
  inherit peer-session eBGP
 exit-peer-session
 !
 bgp router-id 20.0.1.15
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 64702
 network 20.0.1.0 mask 255.255.255.0
 neighbor 20.0.1.45 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.45 inherit peer-policy NEXT_HOP_SELF
 neighbor 20.0.1.46 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.46 inherit peer-policy NEXT_HOP_SELF
 neighbor 20.0.2.17 inherit peer-session eBGP_AUTH
 neighbor 20.0.2.17 inherit peer-policy eBGP_PEERS
Provider edge in the POP location:
router bgp 64701
 template peer-policy policy-top
 exit-peer-policy
 !
 template peer-policy NEXT_HOP_SELF
  next-hop-self
  inherit peer-policy policy-top 10
 exit-peer-policy
 !
 template peer-session bgp-top
  update-source Loopback100
  timers 10 30
 exit-peer-session
 !
 template peer-session iBGP
  remote-as 64701
  inherit peer-session bgp-top
 exit-peer-session
 !
 template peer-session iBGP_AUTH
  password cisco
  inherit peer-session iBGP
 exit-peer-session
 !
 bgp router-id 20.0.1.23
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 64702
 neighbor 20.0.1.45 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.45 inherit peer-policy NEXT_HOP_SELF
 neighbor 20.0.1.46 inherit peer-session iBGP_AUTH
 neighbor 20.0.1.46 inherit peer-policy NEXT_HOP_SELF
 neighbor 51.0.0.100 remote-as 51
 neighbor 51.0.0.100 ebgp-multihop 2
 neighbor 51.0.0.100 update-source Loopback100
Customer router connecting to confederation 64701:
router bgp 51
 bgp router-id 51.0.0.100
 bgp log-neighbor-changes
 redistribute connected route-map RDR_LOCAL
 neighbor 20.0.1.23 remote-as 100
 neighbor 20.0.1.23 ebgp-multihop 2
 neighbor 20.0.1.23 update-source Loopback100
 neighbor 20.0.1.24 remote-as 100
 neighbor 20.0.1.24 ebgp-multihop 2
 neighbor 20.0.1.24 update-source Loopback100
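The session templates above decide which neighbors end up with a `password` (TCP MD5 authentication) and `ttl-security` (GTSM), but only once the `inherit peer-session` chain is followed. As an added example (not part of the original lab; `effective_sessions` and `missing_protections` are hypothetical helper names), this Python script expands that chain and lists the protections each neighbor lacks, using a constructed config assembled from the page's border PE and POP PE examples.

```python
import re
# Constructed sample: eBGP session templates from the page's border PE merged
# with the customer neighbor lines from the page's POP PE.
SAMPLE = """\
router bgp 64701
 template peer-session bgp-top
  update-source Loopback100
  timers 10 30
 exit-peer-session
 template peer-session eBGP
  remote-as 64702
  ttl-security hops 2
  inherit peer-session bgp-top
 exit-peer-session
 template peer-session eBGP_AUTH
  password ciscoebgp
  inherit peer-session eBGP
 exit-peer-session
 neighbor 20.0.2.17 inherit peer-session eBGP_AUTH
 neighbor 51.0.0.100 remote-as 51
 neighbor 51.0.0.100 ebgp-multihop 2
 neighbor 51.0.0.100 update-source Loopback100
"""

def effective_sessions(config):
    """Map each neighbor to its session commands with templates expanded."""
    templates, neighbors, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"template peer-session (\S+)", line):
            current = m.group(1)
        elif line.startswith("exit-peer-"):
            current = None
        elif current:
            templates.setdefault(current, []).append(line)
        elif m := re.match(r"neighbor (\S+) (.+)", line):
            neighbors.setdefault(m.group(1), []).append(m.group(2))
    def expand(cmds, seen=()):
        for c in cmds:
            m = re.match(r"inherit peer-session (\S+)", c)
            if not m:
                yield c
            elif m.group(1) not in seen:  # skip inheritance loops
                yield from expand(templates.get(m.group(1), []), seen + (m.group(1),))
    return {ip: list(expand(cmds)) for ip, cmds in neighbors.items()}

def missing_protections(config):
    """Per neighbor, which of TCP MD5 auth (password) and GTSM (ttl-security) is absent."""
    return {ip: sorted({"password", "ttl-security"} - {c.split()[0] for c in cmds})
            for ip, cmds in effective_sessions(config).items()}
```

On the sample it reports nothing missing for 20.0.2.17 and both protections missing for the directly configured customer neighbor 51.0.0.100. On IOS, `ttl-security` and `ebgp-multihop` are mutually exclusive on a neighbor, so adding GTSM there means replacing `ebgp-multihop 2` rather than supplementing it.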