7.60 BGP AllowAS in
• Configure R2 and SW2 to advertise networks 2.2.2.0/24 and 8.8.8.0/24 into BGP.
• Configure AS 200 border routers so that in case AS 200 is partitioned, the remaining segments could transit AS 100 to recover connectivity.
----------------------------------------------------------------
The BGP loop-prevention mechanism does not allow a BGP speaker to accept
prefixes with the local AS number in the AS_PATH list. However, in some cases
it is desirable to accept routes originated in the same AS via another
AS. There are two common scenarios:
1) The company’s network is partitioned and every partition connects to the
Internet or ISP. Every network has its own set of prefixes but uses the same AS
number. In this case, in order for the partitions to exchange prefixes they must
accept the NLRIs with the same AS number.
2) The company connects to an ISP and wants to use it as a transit path in case
the company’s network becomes segmented due to an emergency. In this case,
the prefixes advertised to the ISP must be accepted back by the border peers.
Cisco IOS allows a router to accept prefixes with the local AS number from a
specific peer using the command neighbor <IP> allowas-in [<count>].
Here <count> is the number of occurrences of the local AS number allowed in the
AS_PATH attribute, which defaults to one. This parameter serves a purpose
similar to the hop-count limit in distance-vector protocols and implements the
well-known count-to-infinity loop prevention technique.
To prevent routing loops with this feature, be careful when
implementing prefix aggregation. Specifically, only one “partition” or border peer
should implement summarization, or summarization should not be used at all.
Otherwise, the upstream ASes will have trouble selecting the proper entry point
to the AS partitions. Needless to say, using the AllowAS in feature is
strongly discouraged and only advised as a last resort.
----------------------------------------------------------------
R2:
router bgp 200
 network 2.2.2.0 mask 255.255.255.0
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.0
SW2:
router bgp 200
 network 8.8.8.0 mask 255.255.255.0
!
interface Loopback1
 ip address 8.8.8.8 255.255.255.0
R3:
router bgp 200
 neighbor 155.1.13.1 allowas-in
R5:
router bgp 200
 neighbor 155.1.45.4 allowas-in
----------------------------------------------------------------
Configure the routers so that AS 200 is split into two parts. To accomplish this, configure the routers as follows:
R3:
router eigrp 1
 passive-interface FastEthernet 0/0
 passive-interface Serial 1/2
R5:
router eigrp 1
 passive-interface Serial 0/0
 passive-interface Serial 0/1
!
interface Serial 0/0
 shutdown
Check the BGP tables of R3 and R5 for the prefixes originated in AS 200. Notice that both R3 and R5 accept those prefixes due to the AllowAS in feature. Next, trace the route from R2 to SW2 between the two configured subnets and make sure connectivity is maintained.
Rack1R3#show ip bgp
BGP table version is 17, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i2.2.2.0/24 155.1.23.2 0 100 0 i
*> 8.8.8.0/24 155.1.13.1 0 100 200 i
* 28.119.16.0/24 155.1.37.7 0 300 100 54 i
*> 155.1.13.1 0 100 54 i
Rack1R5#show ip bgp
BGP table version is 15, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.0/24 155.1.45.4 0 100 200 i
*>i8.8.8.0/24 155.1.58.8 0 100 0 i
*> 28.119.16.0/24 155.1.45.4 0 100 54 i
Rack1R2#traceroute 8.8.8.8 source loopback 1
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 155.1.23.3 [AS 100] 12 msec 24 msec 4 msec
2 155.1.13.1 [AS 100] 28 msec 12 msec 20 msec
3 155.1.146.4 [AS 100] 16 msec 40 msec 20 msec
4 155.1.45.5 [AS 100] 36 msec 16 msec 40 msec
5 155.1.58.8 [AS 100] 36 msec 40 msec 40 msec
Rack1R2#
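The inbound AS_PATH check and its allowas-in relaxation, modelled on the paths R3 learns from 155.1.13.1 in the output above. This is an added example, not IOS code or part of the original lab; the function names are hypothetical, the 192.0.2.0/24 entry is constructed, and the count is always passed explicitly.

```python
# Added illustration: a model of the inbound AS_PATH loop check,
# not Cisco IOS code. Function names are hypothetical.
LOCAL_AS = 200


def occurrences(as_path, local_as):
    """Count how many times the local AS number appears in AS_PATH."""
    return sum(1 for asn in as_path if asn == local_as)


def verdict(as_path, local_as, allowas_in=0):
    """Classify an eBGP update against the loop check.

    allowas_in=0 models a neighbor without the command; a positive value
    is the <count> argument of 'neighbor <IP> allowas-in <count>'.
    """
    seen = occurrences(as_path, local_as)
    if seen == 0:
        return "accept"
    if seen <= allowas_in:
        return "accept (allowas-in)"
    return "reject (loop check)"


def audit(updates, local_as, allowas_in):
    """Return {prefix: verdict} for a list of (prefix, as_path) updates."""
    return {p: verdict(path, local_as, allowas_in) for p, path in updates}


# Paths as R3 receives them from 155.1.13.1 in the output above; the last
# entry is constructed to show the count acting as an upper bound.
R3_FROM_R1 = [
    ("8.8.8.0/24", [100, 200]),
    ("28.119.16.0/24", [100, 54]),
    ("192.0.2.0/24", [100, 200, 100, 200]),  # constructed sample
]

if __name__ == "__main__":
    for count in (0, 1, 2):
        print(f"allowas-in count = {count}")
        for prefix, result in audit(R3_FROM_R1, LOCAL_AS, count).items():
            print(f"  {prefix:<16} {result}")
```

Routes reported as "accept (allowas-in)" are the ones that bypass normal loop prevention, so they are the entries to review when auditing a router that has this command configured.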