CCIE SPv5.1 Labs
  • Page
  • Intro
    • Setup
  • MVPN
    • Start
    • Topology
    • Profile 0
    • Profile 0 with data MDTs
    • Profile 1
    • Profile 1 w/ Redundant Roots
    • Profile 1 with data MDTs
    • Profile 6
    • Profile 7
    • Profile 3
    • Profile 3 with S-PMSI
    • Profile 11
    • Profile 11 with S-PMSI
    • Profile 11 w/ Receiver-only Sites
    • Profile 9 with S-PMSI
    • Profile 12
    • Profile 13
    • UMH (Upstream Multicast Hop) Challenge
    • Profile 13 w/ Configuration Knobs
    • Profile 13 w/ PE RP
    • Profile 12 w/ PE Anycast RP
    • Profile 14 (Partitioned MDT)
    • Profile 14 with Extranet option #1
    • Profile 14 with Extranet option #2
    • Profile 14 w/ IPv6
    • Profile 17
    • Profile 19
    • Profile 21
  • MVPN SR
    • Start
    • Topology
    • Profile 27
    • Profile 27 w/ Constraints
    • Profile 27 w/ FRR
    • Profile 28
    • Profile 28 w/ Constraints and FRR
    • Profile 28 w/ Data MDTs
    • Profile 29
  • Segment Routing
    • Start
    • Topology
    • Basic SR with ISIS
    • Basic SR with OSPF
    • SRGB Modifcation
    • SR with ExpNull
    • SR Anycast SID
    • SR Adjacency SID
    • SR LAN Adjacency SID (Walkthrough)
    • SR and RSVP-TE interaction
    • SR basic inter-area with ISIS
    • SR basic inter-area with OSPF
    • SR basic inter-IGP (redistribution)
    • SR basic inter-AS using BGP
    • SR BGP Data Center (eBGP)
    • SR BGP Data Center (iBGP)
    • LFA
    • LFA Tiebreakers (ISIS)
    • LFA Tiebreakers (OSPF)
    • Remote LFA
    • RLFA Tiebreakers?
    • TI-LFA
    • Remote LFA or TILFA?
    • TI-LFA Node Protection
    • TI-LFA SRLG Protection
    • TI-LFA Protection Priorities (ISIS)
    • TI-LFA Protection Priorities (OSPF)
    • Microloop Avoidance
    • SR/LDP Interworking
    • SR/LDP SRMS OSPF Inter-Area
    • SR/LDP Design Challenge #1
    • SR/LDP Design Challenge #2
    • Migrate LDP to SR (ISIS)
    • OAM with SR
    • SR-MPLS using IPv6
    • Basic SR-TE with AS
    • Basic SR-TE with AS and ODN
    • SR-TE with AS Primary/Secondary Paths
    • SR-TE Dynamic Policies
    • SR-TE Dynamic Policy with Margin
    • SR-TE Explicit Paths
    • SR-TE Disjoint Planes using Anycast SIDs
    • SR-TE Flex-Algo w/ Latency
    • SR-TE Flex-Algo w/ Affinity
    • SR-TE Disjoint Planes using Flex-Algo
    • SR-TE BSIDs
    • SR-TE RSVP-TE Stitching
    • SR-TE Autoroute Include
    • SR inter-IGP using PCE
    • SR-TE PCC Features
    • SR-TE PCE Instantiated Policy
    • SR-TE PCE Redundancy
    • SR-TE PCE Redundancy w/ Sync
    • SR-TE Basic BGP EPE
    • SR-TE BGP EPE for Unified MPLS
    • SR-TE Disjoint Paths
    • SR Converged SDN Transport Challenge
    • SR OAM DPM
    • SR OAM Tools
    • Performance-Measurement (Interface Delay)
  • EVPN
    • Start
    • Topology
    • EVPN VPWS
    • EVPN VPWS Multihomed
    • EVPN VPWS Multihomed Single-Active
    • Basic Single-homed EVPN E-LAN
    • EVPN E-LAN Service Label Allocation
    • EVPN E-LAN Ethernet Tag
    • EVPN E-LAN Multihomed
    • EVPN E-LAN on XRv
    • EVPN IRB
    • EVPN-VPWS Multihomed IOS-XR (All-Active)
    • EVPN-VPWS Multihomed IOS-XR (Port-Active)
    • EVPN-VPWS Multihomed IOS-XR (Single-Active)
    • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
    • PBB-EVPN (Informational)
  • VPWS
    • Start
    • Topology
    • Basic VPWS
    • VPWS with Tag Manipulation
    • Redundant VPWS
    • Redundant VPWS (IOS-XR)
    • VPWS with PW interfaces
    • Manual VPWS
    • VPWS with Sequencing
    • Pseudowire Logging
    • VPWS with FAT-PW
    • MS-PS (Pseudowire stitching)
    • VPWS with BGP AD
  • VPLS
    • Start
    • Topology
    • Basic VPLS with LDP
    • VPLS with LDP and BGP
    • VPLS with BGP only
    • Hub and Spoke VPLS
    • Tunnel L2 Protocols over VPLS
    • Basic H-VPLS
    • H-VPLS with BGP
    • H-VPLS with QinQ
    • H-VPLS with Redundancy
    • VPLS with Routing
    • VPLS MAC Protection
    • Basic E-TREE
    • VPLS with LDP/BGP-AD and XRv RR
    • VPLS with BGP and XRv RR
    • VPLS with Storm Control
  • BGP Multi-Homing (XE)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 Shadow Session
    • Lab5 Shadow RR
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + Shadow RR
    • Lab9 MPLS + RDs + UCMP
  • BGP Multi-Homing (XR)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 “Shadow Session”
    • Lab5 “Shadow RR”
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + “Shadow RR”
    • Lab9 MPLS + RDs + UCMP
    • Lab10 MPLS + Same RD + Add-Path + UCMP
    • Lab11 MPLS + Same RD + Add-Path + Repair Path
  • BGP
    • Start
    • Conditional Advertisement
    • Aggregation and Deaggregation
    • Local AS
    • BGP QoS Policy Propagation
    • Non-Optimal eBGP Routing
    • Multihomed Enterprise Challenge
    • Provider Communities
    • Destination-Based RTBH
    • Destination-Based RTBH (Community-Based)
    • Source-Based RTBH
    • Source-Based RTBH (Community-Based)
    • Multihomed Enterprise Challenge (XRv)
    • Provider Communities (XRv)
Powered by GitBook
On this page
  • Answer
  • Explanation
  • Verification
  1. BGP

Multihomed Enterprise Challenge

PreviousNon-Optimal eBGP RoutingNextProvider Communities

Last updated 2 days ago

Topology: bgp-mh-iol

configure replace unix:init.cfg

  • All links are in the format 100.X.Y.X/24.

    • For example, the link between R4 and R7 is 100.4.7.0/24.

  • Lo0 is X.X.X.X/32 and is used for iBGP

  • Lo1 is <AS>.0.0.X/32 and is used as a public IP address that is pingable. The public Lo1 addresses are aggregated into a /8 at each edge router.

  • eBGP and iBGP is fully preconfigured, but no policies are configured.

Goals:

  • Configure AS50 as a stub AS - it should not provide transit

  • Configure AS20 and AS30 to only advertise a default plus partial routes to AS50

    • AS20 must advertise prefixes of directly connected customers, which is AS40

  • AS50 has two uplinks to AS20, and the R7-R4 link is better. Configure outbound traffic flow so that traffic always prefers this link as opposed to the R8-R5 link. But additionally, traffic destined for AS30 should prefer the R9-R6 link.

  • Influence inbound traffic flow into AS50 so that it arrives via the R7-R4 link for all traffic except for traffic originated in AS30. This traffic should arrive over the direct link. AS30 provides the following communities that AS50 can use to influence LP, in route-map CUSTOMER_IN.

    • 30:80 (set LP=80)

    • 30:120 (set LP=120)

This is a complicated lab which may take a while to solve. I’d encourage you to take your time with this one, as there is a lot of policy going on here.

Answer

#R2
route-map CUSTOMER_IN
 set community 20:1000
!
router bgp 20
 template peer-policy IBGP
  send-community
 exit-peer-policy
 neighbor 100.2.10.10 route-map CUSTOMER_IN in

#R4
ip community-list 1 permit 20:1000
ip as-path access-list 1 permit ^$
!
route-map CUSTOMER_OUT
 match as-path 1
route-map CUSTOMER_OUT permit 20
 match community 1
!
router bgp 20
 neighbor 100.4.7.7 route-map CUSTOMER_OUT out
 neighbor 100.4.7.7 default-originate

#R5
ip community-list 1 permit 20:1000
ip as-path access-list 1 permit ^$
!
route-map CUSTOMER_OUT
 match as-path 1
route-map CUSTOMER_OUT permit 20
 match community 1
!
router bgp 20
 neighbor 100.5.8.8 route-map CUSTOMER_OUT out
 neighbor 100.5.8.8 default-originate

#R6
ip as-path access-list 1 permit ^$
!
route-map CUSTOMER_OUT
 match as-path 1
!
router bgp 30
 neighbor 100.6.9.9 route-map CUSTOMER_OUT out
 neighbor 100.6.9.9 route-map CUSTOMER_IN in
 neighbor 100.6.9.9 default-originate

#R7
ip as-path access-list 1 permit ^$
!
route-map R4_OUT
 match as-path 1
!
route-map R4_IN
 set local-pref 120
!
router bgp 50
 add ipv4
  neighbor 100.4.7.4 route-map R4_IN in
  neighbor 100.4.7.4 route-map R4_OUT out

#R8
ip as-path access-list 1 permit ^$
!
route-map R5_OUT
 match as-path 1
 set as-path prepend 50 50
!
router bgp 50
 add ipv4
  neighbor 100.5.8.5 route-map R5_OUT out

#R9
ip as-path access-list 1 permit ^$
!
route-map R6_OUT
 match as-path 1
 set community 30:120
 set as-path prepend 50 50
!
router bgp 50
 add ipv4
  neighbor 100.6.9.6 route-map R6_OUT out
  neighbor 100.6.9.6 send-community

Explanation

This challenge requires quite a bit of configuration. Here is how the general requirements are solved:

  • Configure AS50 as a stub AS - it should not provide transit

    • AS50 only advertises AS paths that match ^$

  • Configure AS20 and AS30 to only advertise a default plus partial routes to AS50

    • R2 sets inbound routes from AS40 with a community. R4 and R5 match this community, plus advertise locally-generated routes (AS path ^$).

  • AS50 has two uplinks to AS20, and the R7-R4 link is better. Configure outbound traffic flow so that traffic always prefers this link as opposed to the R8-R5 link. But additionally, traffic destined for AS30 should prefer the R9-R6 link.

    • Naturally, because AS30 is advertising only its local prefixes, AS50 will prefer these routes due to longest-match routing. To configure other outbound traffic to always prefer the R7-R4 link, we set LP higher on routes received from R4.

  • Influence inbound traffic flow into AS50 so that it arrives via the R7-R4 link for all traffic except for traffic originated in AS30. This traffic should arrive over the direct link.

    • Advertisements from R8 are AS path prepended. This is necessary so that R20 always prefers the R4-R7 link.

      • An alternative could be to set MED higher on routes advertised from R8

    • Advertisements from R9 are also AS path prepended. But we want AS30 to locally use R9 instead of taking a long path through AS20. To do this, we set the community 30:120 so that AS30 will set the prefixes to have a higher LP. But when AS30 advertises this to AS10, the path is prepended so that AS10 will still prefer the path via AS20.

      • A common mistake is to make the LP=80 in AS30. However, if you do this, AS30 will always prefer to route via AS10 instead of via the local eBGP peering. So instead we use AS path prepending to influence inbound routing and let LP just influence AS30’s local decision.

Verification

First we’ll verify that AS50 is not a transit AS. On routers R7, R8 and R9, they should only advertise the local 50/8 prefix to their eBGP peers.

Next we’ll verify that AS20 and AS30 only advertise their directly connected prefixes, customer prefixes, and a default towards AS50. We can verify this on the AS50 routers. Notice that 10/8 is not learned, because this is not a customer or local prefix for AS20 and AS30. AS50 will follow the default to reach 10/8.

The above output also helps us verify that outbound traffic in AS50 is configured correctly. Notice that the bestpaths are all paths on R7, and only 30/8 on R9. 30/8 is the local prefix for AS30, and we want only traffic destined for AS30 or AS30’s customers to be reached through R9. All other outbound traffic should egress R7. Verify on R8 and R9 that all best paths point towards R9 except for 30/8.

Finally we examine inbound traffic to AS50. This should all ingress R7, except for any locally originated traffic in AS30. From each AS, we can source a traceroute to test this out.

Our tests pass. All traffic arrives via the R4-R7 link, except for the traceroute generated in AS30 at R3. We can see at R6 that LP is set to 120 for the 50/8 prefix.

However, it is also prepended. So when this is advertised upstream to R1, R1 will choose the path with the shorter AS_PATH length via R2. Note that R1 is however free to choose whatever path it wants based on its own local policies. In the real world, there is not much you can do to prevent this. You could attach a no-export community to R6, but that would defeat the purpose of having redundancy.