no assume, according to the network diagram, that we are the customer on AS65501 and we want to be able to control route advertisement in front of our ISP (AS65502), which in turn will advertise to the rest of the world (AS65503). one problem is that our router (R2) isn't sufficient for holding all transit traffic to our network (which reside behind R1), R1 in this case is a high-end firewall which doesn't support BGP while R2 is Cisco 881.we will use R2 for BGP peering with R3 (our ISP PE) which will advertise all our networks with next-hop directly to R1 which eventually redirect all traffic from R3 to our networks (192.168.x.x) directly to R1.
R1 Configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 10.0.123.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65501
no synchronization
bgp log-neighbor-changes
redistribute connected
redistribute static route-map RM_NEXTHOP
neighbor 10.0.123.2 remote-as 65501
neighbor 10.0.123.2 soft-reconfiguration inbound
neighbor 10.0.123.3 remote-as 65502
neighbor 10.0.123.3 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
ip route 192.168.10.0 255.255.255.0 10.0.123.2
ip route 192.168.20.0 255.255.255.0 10.0.123.2
ip route 192.168.30.0 255.255.255.0 10.0.123.2
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list PL_STATIC seq 5 permit 192.168.10.0/24
ip prefix-list PL_STATIC seq 10 permit 192.168.20.0/24
ip prefix-list PL_STATIC seq 15 permit 192.168.30.0/24
!
route-map RM_NEXTHOP permit 10
match ip address prefix-list PL_STATIC
set ip next-hop 10.0.123.2
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R2 configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface Loopback1
ip address 192.168.10.1 255.255.255.0
!
interface Loopback2
ip address 192.168.20.1 255.255.255.0
!
interface Loopback3
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.123.2 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.123.3
!
!
no ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R3 configuration:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 10.0.123.3 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 10.0.34.3 255.255.255.0
speed 100
full-duplex
!
router bgp 65502
no synchronization
bgp log-neighbor-changes
neighbor 10.0.34.4 remote-as 65503
neighbor 10.0.34.4 soft-reconfiguration inbound
neighbor 10.0.123.1 remote-as 65501
neighbor 10.0.123.1 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R4 configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 10.0.34.4 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65503
no synchronization
bgp log-neighbor-changes
neighbor 10.0.34.3 remote-as 65502
neighbor 10.0.34.3 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
No comments:
Post a Comment