The topology is made more complex by an additional link, and instead of running full BGP in AS65000, BGP routes are propagated with the help of OSPF.
In the previous lab, the BGP full mesh was established by peering on both subnets of a BGP router. This step can be simplified by peering on the BGP speaker’s loopback address. The ultimate rule of thumb for BGP is that there must be reachability to the intended peer before you execute the neighbor remote-as command.
The routers’ loopback addresses are advertised by OSPF. All routers in AS65000 advertise routes to one another using OSPF internally. The border routers, r1 and r3, establish iBGP peering with each other and eBGP peering with r4 and r5.
Here’s the OSPF configuration of r1, r2 and r3.
r1 has to advertise its loopback address for the sake of BGP peering.
r1#sh run | s router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
r1#

r2 is the only router that does not have a BGP router process.

r2#sh run | s router ospf
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 0 authentication message-digest
 area 1 authentication message-digest
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 2.2.2.2 0.0.0.0 area 0
 network 10.20.0.1 0.0.0.0 area 1
 network 10.20.1.1 0.0.0.0 area 1
 network 10.20.2.1 0.0.0.0 area 1
 network 10.20.4.1 0.0.0.0 area 1
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.0.9 0.0.0.0 area 0
r2#

r3 advertises its loopback address for the sake of BGP peering via loopback.
r3#sh run | s router ospf
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.0.6 0.0.0.0 area 0
 network 192.168.0.10 0.0.0.0 area 0
r3#

BGP peering in AS65000
If r1 and r3 had only one link to each other, then peering on the loopback or the physical interface would not matter. But there are redundant links that can route back to r1 and r3, so peering on loopback interface addresses becomes meaningful for maintaining high availability.
r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

r3#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 33.33.33.33
 bgp log-neighbor-changes
 network 192.168.0.16 mask 255.255.255.252
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 192.168.0.18 remote-as 65200
 no auto-summary
r3#

Lines 3 and 14 have synchronization turned on. The purpose of synchronization is to ensure that there is no black hole. Recall the synchronization rule:
BGP will not advertise the route if the route is not learned via IGP.
r1 and r3 peer with each other’s loopback address. By default, a BGP router advertises as the next-hop address the interface that originates the route. In other words, r1 uses its Serial0/2 interface IP address as the next-hop address in advertisements to r3, and r3 uses its Serial0/2 interface IP address as the next-hop address in advertisements to r1. However, for loopback peering to work, the next-hop address has to be changed using the update-source command option.
r1 and r3 BGP neighborship verification
r1#sh ip bgp summary
BGP router identifier 11.11.11.11, local AS number 65000
BGP table version is 36, main routing table version 36
11 network entries using 1287 bytes of memory
18 path entries using 936 bytes of memory
8/4 BGP path/bestpath attribute entries using 992 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3311 total bytes of memory
BGP activity 18/7 prefixes, 26/8 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4 65000    1436    1457       36    0    0 23:50:36        8
192.168.0.14    4 65100    1586    1443       36    0    0 23:50:56        7
r1#

r3#sh ip bgp summary
BGP router identifier 33.33.33.33, local AS number 65000
BGP table version is 10, main routing table version 10
11 network entries using 1287 bytes of memory
18 path entries using 936 bytes of memory
8/3 BGP path/bestpath attribute entries using 992 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3311 total bytes of memory
BGP activity 18/7 prefixes, 25/7 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 65000    1458    1437       10    0    0 23:51:24       10
192.168.0.18    4 65200    1583    1431       10    0    0 23:46:59        7
r3#

If BGP peering fails, the Idle state is expected. Idle means the router has not attempted to start establishing BGP and has not received any BGP peering attempt.

r1#sh tcp brief
TCB       Local Address           Foreign Address        (state)
85661D64  192.168.0.13.179        192.168.0.14.28718     ESTAB
84DFB9E0  1.1.1.1.21211           3.3.3.3.179            ESTAB
r1#
Tserver#3
[Resuming connection 3 to c15 ... ]

r3#sh tcp brief
TCB       Local Address           Foreign Address        (state)
856589CC  192.168.0.17.179        192.168.0.18.12454     ESTAB
8572CDAC  3.3.3.3.179             1.1.1.1.21211          ESTAB
r3#

Advertise default route at r1, so that non-BGP routers in AS65000 can reach r4 prefixes
r1#sh run | s ip route
ip route 0.0.0.0 0.0.0.0 Null0

r1#sh run | s router ospf 1
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
 default-information originate
r1#
r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.255.252
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

Line 2 is the static default route to Null0, and line 16 lets OSPF advertise a default route. Interestingly, OSPF can still advertise a default route without a default route statement if you use default-information originate always. Lines 2 and 16 establish reachability from the non-BGP-speaking router to r4’s prefixes. However, the reply needs to return to the originating source: line 23, the BGP network statement, lets r4 know how to reply to the originating source, which in this case is r2’s prefixes.
Let’s go over to r2, look at the routing table, and test reachability from r2 to r4’s prefixes.
r2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/51] via 192.168.0.1, 1d00h, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/51] via 192.168.0.10, 1d00h, Serial0/0
     192.168.0.0/30 is subnetted, 3 subnets
O       192.168.0.4 [110/100] via 192.168.0.10, 1d00h, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.0.1, 00:55:49, Serial0/1
r2#tclsh
r2(tcl)#foreach ip {
+>(tcl)#10.0.0.1
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.9
+>(tcl)#} {ping $ip}

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2(tcl)#

The pings from r2 to r4’s prefixes were successful because the router itself originates the echo and r4 knows how to reply to r2. But if the ping is sent from source IP address 10.20.0.1, the echo times out, because r4 has no knowledge of the 10.20.0.0/24 route.

r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
.....
Success rate is 0 percent (0/5)

Advertise r2 prefix into bgp
r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 network 10.20.0.0 mask 255.255.255.0
 network 192.168.0.0 mask 255.255.255.252
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

Line 6 is the network statement that was added. r1 knows 10.20.0.0/24 through OSPF; the BGP network statement advertises a route that exists in r1’s routing table.

r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#

This time r2’s prefix 10.20.0.0/24 gets an echo reply from r4’s prefix, because 10.20.0.0/24 has been advertised to r4 via eBGP.

r4#sh ip route bgp | beg Gateway
Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
B       10.20.0.0/24 [20/51] via 192.168.0.13, 00:05:13
     172.17.0.0/28 is subnetted, 3 subnets
B       172.17.1.0 [20/0] via 192.168.0.22, 1d00h
B       172.17.1.16 [20/0] via 192.168.0.22, 1d00h
B       172.17.1.32 [20/0] via 192.168.0.22, 1d00h
     192.168.0.0/24 is variably subnetted, 6 subnets, 2 masks
B       192.168.0.0/30 [20/0] via 192.168.0.13, 00:59:00
B       192.168.0.16/30 [20/0] via 192.168.0.22, 1d00h
r4#

Advertise specific r4 prefix into OSPF in AS65000
Suppose advertising a default route in OSPF is not desirable and only one r4 prefix should be advertised. I can add a static route and then redistribute it into OSPF.

r1#sh run | s router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute static subnets
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
r1#sh run | s ip route
ip route 10.0.0.0 255.255.255.252 192.168.0.14
r1#

r2’s routing table
r2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/51] via 192.168.0.1, 1d00h, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/51] via 192.168.0.10, 1d00h, Serial0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2    10.0.0.0/30 [110/20] via 192.168.0.1, 00:02:15, Serial0/1
     192.168.0.0/30 is subnetted, 3 subnets
O       192.168.0.4 [110/100] via 192.168.0.10, 1d00h, Serial0/0
r2#

r1’s BGP router process still advertises the 10.20.0.0/24 prefix to its eBGP neighbor. So let’s test reachability using source address 10.20.0.1 and destination address 10.0.0.1.

r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#

Such a great article pls keep going…………………….
Thank you for your encouragement 🙂