7.51 BGP Remove Private AS
• Reconfigure SW1 and SW3 in the private AS 65089 and adjust the peering settings accordingly.
• Create and advertise Loopback 1 subnet in SW1 with the IP address 7.7.7.7/24.
• Configure AS 100 and AS 200 speakers to strip the private AS number when advertising the prefixes to AS 254 and AS 54.
---------------------------------------------------------
Change SW1 and SW3 to private AS 65089 and adjust the peering on the other neighbors.
When advertising out toward AS 254 and AS 54, remove the private AS at AS 100 and AS 200.
---------------------------------------------------------
Private AS numbers in the range 64512-65535 are often assigned to small enterprises that use BGP to peer with their ISPs. Private AS numbers are similar to RFC 1918 IP addressing, which allows for conserving AS numbers on the Internet. However, private AS numbers should not appear on the public Internet, as many sites may originate the same number. Thus, the AS that provides the upstream connection for the private site should remove the private AS numbers from the AS_PATH attribute.
The command to perform the AS_PATH stripping in IOS is:
neighbor <IP> remove-private-as
Every BGP update sent over this session is inspected for a sequence of private AS numbers at the beginning of the AS_PATH.
All private numbers are then removed and the local AS number is prepended. Note that when the private AS sequence is not located at the beginning of the AS_PATH, the stripping does not work and the AS_PATH remains unmodified.
If the private AS is not at the beginning of the prefix's path, remove-private-as has no way to remove it.
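The stripping rule above can be modelled in a few lines and checked against the AS_PATHs that appear in the R4 and BB3 tables further down this page. This is an added example, not IOS code and not part of the original lab; the function names are hypothetical and the private range is the one stated above.

```python
# Added illustration: models the stripping rule as this page states it.
# It is not IOS code; function names are hypothetical.
PRIVATE_RANGE = range(64512, 65536)  # 64512-65535, the range given above

def is_private(asn):
    return asn in PRIVATE_RANGE

def advertise(as_path, local_as, remove_private_as=False):
    """AS_PATH an eBGP neighbor receives when local_as sends as_path."""
    path = list(as_path)
    if remove_private_as:
        lead = 0
        while lead < len(path) and is_private(path[lead]):
            lead += 1          # length of the private run at the front
        path = path[lead:]     # lead == 0: no private run in front, unchanged
    return [local_as] + path   # the local AS is always prepended on eBGP

def leaked_private(as_path):
    """Private ASNs still present in a path seen by the upstream."""
    return [asn for asn in as_path if is_private(asn)]

# (label, path in R4's table, R4's advertising AS), from the outputs on this page
CASES = [
    ("R4 -> BB3, SW1-R6 session up", [65089], 100),
    ("R4 -> BB3, SW1-R6 session shut", [200, 65089], 100),
]

def run_cases():
    results = {}
    for label, path, local_as in CASES:
        sent = advertise(path, local_as, remove_private_as=True)
        results[label] = (sent, leaked_private(sent))
    return results

if __name__ == "__main__":
    for label, (sent, leaked) in run_cases().items():
        status = "LEAK %s" % leaked if leaked else "clean"
        print("%-32s %-16s %s" % (label, " ".join(map(str, sent)), status))
```

The second case is the one the lab leaves misconfigured on purpose: the private AS sits behind public AS 200, so the command on R4 leaves it in place and BB3 still sees 65089.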
---------------------------------------------------------
SW1:
no router bgp 300
router bgp 65089
neighbor 155.1.79.9 remote-as 65089
neighbor 155.1.37.3 remote-as 200
neighbor 155.1.67.6 remote-as 100
network 7.7.7.0 mask 255.255.255.0
!
interface Loopback1
ip address 7.7.7.7 255.255.255.0
SW3:
no router bgp 300
router bgp 65089
neighbor 155.1.79.7 remote-as 65089
R3:
router bgp 200
neighbor 155.1.37.7 remote-as 65089
R6:
!
! BGP AS was modified in the previous task
!
router bgp 146
neighbor 155.1.67.7 remote-as 65089
! I added the next line myself
neighbor 155.1.67.7 local-as 100 no-prepend replace-as
! Do not enter the next line yet
neighbor 54.1.1.254 remove-private-as
R2:
router bgp 200
! Do not enter the next line yet
neighbor 192.10.1.254 remove-private-as
R4:
router bgp 146
! Do not enter the next line yet
neighbor 204.12.1.254 remove-private-as
---------------------------------------------------------
With SW1's peering toward R6 still configured as AS 100, this is the error that appears on SW1:
Rack1SW1#
Nov 26 15:28:23.729 TPE: %BGP-3-NOTIFICATION: sent to neighbor 155.1.67.6 2/2 (peer in wrong AS) 2 bytes 0092
Rack1SW1# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 0092 00B4 9601 0606 1002 0601 0400 0100 0102 0280 0002 0202 00
Rack1SW1#
Nov 26 15:28:30.926 TPE: %BGP-3-NOTIFICATION: sent to neighbor 155.1.67.6 2/2 (peer in wrong AS) 2 bytes 0092
Rack1SW1# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 0092 00B4 9601 0606 1002 0601 0400 0100 0102 0280 0002 0202 00
Rack1SW1#
The wrong AS number error that appears on R6:
Rack1R6#
*Mar 3 05:46:03.922: %BGP-3-NOTIFICATION: received from neighbor 155.1.67.7 2/2 (peer in wrong AS) 2 bytes 0092
Rack1R6#
*Mar 3 05:46:14.218: %BGP-3-NOTIFICATION: received from neighbor 155.1.67.7 2/2 (peer in wrong AS) 2 bytes 0092
Rack1R6#
The fix for SW1 is the method I used, substituting the AS with local-as 100 no-prepend replace-as,
or, more simply, configuring SW1's peering toward R6 with AS 146.
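Decoding the hex dump from the SW1 log above shows what the NOTIFICATION is complaining about. This is an added example, not part of the original lab; it parses the logged bytes with the BGP OPEN layout from RFC 4271, and the function names are hypothetical.

```python
import ipaddress
import struct

# Hex dump and NOTIFICATION data copied from the SW1 log lines on this page.
DUMP = ("FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 0092 00B4 "
        "9601 0606 1002 0601 0400 0100 0102 0280 0002 0202 00")
NOTIFY_DATA = "0092"
CONFIGURED_REMOTE_AS = 100  # SW1: neighbor 155.1.67.6 remote-as 100

def parse_open(hex_dump):
    """Decode a BGP OPEN message from a space-separated hex dump."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    if len(raw) < 29:
        raise ValueError("too short for a BGP OPEN")
    marker, length, msg_type = struct.unpack("!16sHB", raw[:19])
    if marker != b"\xff" * 16 or msg_type != 1 or length != len(raw):
        raise ValueError("not a well-formed BGP OPEN")
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", raw[19:29])
    opts = raw[29:29 + opt_len]
    if len(opts) != opt_len:
        raise ValueError("truncated optional parameters")
    caps, i = [], 0
    while i + 2 <= len(opts):
        ptype, plen = opts[i], opts[i + 1]
        body = opts[i + 2:i + 2 + plen]
        if ptype == 2:  # Capabilities parameter: code/length/value entries
            j = 0
            while j + 2 <= len(body):
                caps.append(body[j])
                j += 2 + body[j + 1]
        i += 2 + plen
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id)),
            "capabilities": caps}

def explain_bad_peer_as(hex_dump, notify_data, configured_remote_as):
    """Relate the 2/2 NOTIFICATION data to the OPEN that triggered it."""
    announced = parse_open(hex_dump)["my_as"]
    return {"announced_as": announced,
            "notification_as": int(notify_data, 16),
            "expected_as": configured_remote_as,
            "mismatch": announced != configured_remote_as}

if __name__ == "__main__":
    print(parse_open(DUMP))
    print(explain_bad_peer_as(DUMP, NOTIFY_DATA, CONFIGURED_REMOTE_AS))
```

The dump is an OPEN announcing AS 146 (0x0092) while SW1 is configured to expect AS 100, which is the mismatch both fixes above resolve.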
---------------------------------------------------------
First, check the routes R4 advertises to BB3:
Rack1R4#show ip bgp neighbors 204.12.1.254 advertised-routes
BGP table version is 116, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 155.1.45.5 0 200 i
*>i7.7.7.0/24 155.1.67.7 0 100 0 65089 i
*> 155.1.0.0 0.0.0.0 32768 i
*> 205.90.31.0 155.1.45.5 0 200 254 ?
*> 220.20.3.0 155.1.45.5 0 200 254 ?
*> 222.22.2.0 155.1.45.5 0 200 254 ?
Total number of prefixes 6
Rack1R4#
RS.1.1.BB3>show ip bgp
BGP table version is 151, local router ID is 31.3.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i7.7.7.0/24 172.16.4.1 0 100 0 100 65089 i
*> 204.12.1.4 0 100 65089 i
*> 28.119.16.0/24 0.0.0.0 0 32768 i
*> 28.119.17.0/24 0.0.0.0 0 32768 i
*>i112.0.0.0 172.16.4.1 0 100 0 i
Private AS 65089 shows up, so go ahead and enter neighbor <IP> remove-private-as (on R4, R6, R2).
What R4 sends out still shows AS 65089, so let's look at BB3...
Rack1R4#show ip bgp neighbors 204.12.1.254 advertised-routes
BGP table version is 116, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 155.1.45.5 0 200 i
*>i7.7.7.0/24 155.1.67.7 0 100 0 65089 i
*> 155.1.0.0 0.0.0.0 32768 i
*> 205.90.31.0 155.1.45.5 0 200 254 ?
*> 220.20.3.0 155.1.45.5 0 200 254 ?
*> 222.22.2.0 155.1.45.5 0 200 254 ?
Total number of prefixes 6
Rack1R4#
RS.1.1.BB3>show ip bgp
BGP table version is 152, local router ID is 31.3.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 7.7.7.0/24 204.12.1.4 0 100 i
*> 28.119.16.0/24 0.0.0.0 0 32768 i
*> 28.119.17.0/24 0.0.0.0 0 32768 i
*>i112.0.0.0 172.16.4.1 0 100 0 i
RS.1.1.BB1>show ip bgp
BGP table version is 179, local router ID is 212.18.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i7.7.7.0/24 172.16.4.3 0 100 0 100 i
*> 54.1.1.6 0 100 i
*>i28.119.16.0/24 172.16.4.3 0 100 0 i
RS.1.1.BB2>show ip bgp
BGP table version is 206, local router ID is 222.22.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 7.7.7.0/24 192.10.1.2 0 200 i
*> 28.119.16.0/24 192.10.1.2 0 200 100 54 i
---------------------------------------------------------
Now shut down the BGP peering session between R6 and SW1. This makes AS 100 (146) accept the prefix from AS 200 with the AS_PATH “200 65089”. Note that in real life AS 200 should have removed the private AS when advertising the prefix to AS 100; however, we intentionally left this misconfiguration in place.
Shutting down the session between R6 and SW1 makes the prefix 7.7.7.0/24 that AS 100 sends out toward AS 54 carry the path AS 100, AS 200, AS 65089.
R6:
router bgp 146
neighbor 155.1.67.7 shutdown
Rack1R4#show ip bgp neighbors 204.12.1.254 advertised-routes
BGP table version is 118, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 155.1.45.5 0 200 i
*> 7.7.7.0/24 155.1.45.5 0 200 65089 i
*> 155.1.0.0 0.0.0.0 32768 i
RS.1.1.BB3>show ip bgp
BGP table version is 153, local router ID is 31.3.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i7.7.7.0/24 172.16.4.1 0 100 0 100 200 65089 i
*> 204.12.1.4 0 100 200 65089 i
*> 28.119.16.0/24 0.0.0.0 0 32768 i
*> 28.119.17.0/24 0.0.0.0 0 32768 i