Category Archives: Cisco

RIPng for IPv6 Routing

RIPng (Routing Information Protocol Next Generation), defined in RFC 2080, is an extension of RIPv2 that adds support for IPv6. RIP is a distance vector routing protocol.

We will not go into how RIP and the distance vector algorithm work; instead, we will demonstrate how RIPng is configured for IPv6 routing.

RIPng Messaging

There are two basic RIPng message types, RIP Request and RIP Response, which are exchanged using the User Datagram Protocol (UDP) port number 521.

RIP Request messages are sent to UDP destination port 521. They may have a source port of 521 or may use an ephemeral port number.

RIP Response messages sent in reply to a RIP Request are sent with a source port of 521 and a destination port equal to whatever source port the RIP Request used.

Unsolicited RIP Response messages (sent on a routine basis and not in response to a request) are sent with both the source and destination ports set to 521.
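The port rules above can be turned into a receive-side check. The following Python code is an added example, not part of the original post or of any Cisco tooling: it parses the RFC 2080 message layout (4-byte header, 20-byte route entries) and reports datagrams that break those rules. The link-local source, hop limit 255 and metric range checks come from RFC 2080 rather than from this page; the sample datagrams, the requester fe80::1 and the address 2001:db8::66 are constructed.

```python
import ipaddress
import struct

RIPNG_PORT = 521                                  # UDP port from the text above
RIPNG_GROUP = ipaddress.IPv6Address("ff02::9")    # RIPng multicast group
REQUEST, RESPONSE = 1, 2                          # RFC 2080 command codes
NEXT_HOP_METRIC = 0xFF                            # RFC 2080: marks a next-hop RTE


def build_ripng(command, rtes):
    """Build a RIPng payload; rtes is a list of (prefix, length, metric)."""
    out = struct.pack("!BBH", command, 1, 0)
    for prefix, plen, metric in rtes:
        packed = ipaddress.IPv6Address(prefix).packed
        out += struct.pack("!16sHBB", packed, 0, plen, metric)
    return out


def parse_ripng(payload):
    """Split a RIPng payload into (command, version, list of RTE tuples)."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("length is not 4 + 20*n bytes")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    rtes = []
    for off in range(4, len(payload), 20):
        raw, _tag, plen, metric = struct.unpack("!16sHBB", payload[off:off + 20])
        rtes.append((ipaddress.IPv6Address(raw), plen, metric))
    return command, version, rtes


def check_datagram(src, dst, sport, dport, hop_limit, payload, pending_ports=()):
    """Return the list of rule violations for one received datagram.

    pending_ports: local ephemeral ports that have a RIP Request outstanding.
    """
    try:
        command, version, rtes = parse_ripng(payload)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    if version != 1:
        findings.append("version is not 1")
    if command == REQUEST:
        # Requests go to port 521; the source port may be 521 or ephemeral.
        if dport != RIPNG_PORT:
            findings.append("request not addressed to port 521")
    elif command == RESPONSE:
        if sport != RIPNG_PORT:
            findings.append("response source port is not 521")
        if dport != RIPNG_PORT and dport not in pending_ports:
            findings.append("response to a port with no outstanding request")
        if not ipaddress.IPv6Address(src).is_link_local:
            findings.append("response source is not link-local")
        if ipaddress.IPv6Address(dst) == RIPNG_GROUP and hop_limit != 255:
            findings.append("multicast response hop limit is not 255")
        for prefix, plen, metric in rtes:
            if metric == NEXT_HOP_METRIC:
                continue
            if plen > 128 or not 1 <= metric <= 16:
                findings.append(f"bad RTE {prefix}/{plen} metric {metric}")
    else:
        findings.append(f"unknown command {command}")
    return findings


# Constructed sample datagrams. R3_LL is R3's link-local address as shown
# later on this page; every other address and port is made up.
R3_LL = "fe80::c803:21ff:fe78:1c"
PERIODIC = build_ripng(RESPONSE, [("2001::3", 128, 1), ("2001:1:2:23::", 64, 1)])
TABLE_REQUEST = build_ripng(REQUEST, [("::", 0, 16)])


def demo():
    return {
        "periodic": check_datagram(R3_LL, "ff02::9", 521, 521, 255, PERIODIC),
        "request": check_datagram("fe80::1", "ff02::9", 49152, 521, 255, TABLE_REQUEST),
        "reply": check_datagram(R3_LL, "fe80::1", 521, 49152, 64, PERIODIC, {49152}),
        "stray_reply": check_datagram(R3_LL, "fe80::1", 521, 49152, 64, PERIODIC),
        "off_link": check_datagram("2001:db8::66", "ff02::9", 40000, 521, 64, PERIODIC),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
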

Here is the network topology for our discussion:

[Figure: RIPng network topology]

We will discuss the following topics:

  1. RIPng configuration
  2. RIPng Route Metric Manipulation
  3. RIPng Route Aggregation/Summarization
  4. RIPng Default Route
  5. RIPng Route Filter

RIPng Configuration

R1

!! Enable IPv6 Routing globally !!
ipv6 unicast-routing
!
!! Enable RIPng at interface level !!
!! ipv6 rip [pid] enable, RIPV6 is a process ID used here !!
!
interface Loopback0
 ipv6 address 2001::1/128
 ipv6 rip RIPV6 enable
!
interface GigabitEthernet0/0
 ipv6 address 2001:1:2:14::1/64
 ipv6 rip RIPV6 enable
!
interface FastEthernet1/0
 ipv6 address 2001:1:2:13::1/64
 ipv6 rip RIPV6 enable

R4

ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001::4/128
 ipv6 rip RIPV6 enable
!
interface GigabitEthernet0/0
 ipv6 address 2001:1:2:14::4/64
 ipv6 rip RIPV6 enable
!
interface GigabitEthernet1/0
 ipv6 address 2001:1:2:34::4/64
 ipv6 rip RIPV6 enable


R3

ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001::3/128
 ipv6 rip RIPV6 enable
!
interface GigabitEthernet0/0
 ipv6 address 2001:1:2:34::3/64
 ipv6 rip RIPV6 enable
!
interface FastEthernet1/0
 ipv6 address 2001:1:2:13::3/64
 ipv6 rip RIPV6 enable
!
interface FastEthernet1/1
 ipv6 address 2001:1:2:23::3/64
 ipv6 rip RIPV6 enable
!
 
R2

ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001::2/128
 ipv6 rip RIPV6 enable
!
interface FastEthernet0/0
 ipv6 address 2001:1:2:23::2/64
 ipv6 rip RIPV6 enable

Verification & Testing:

R1#sh ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "rip RIPV6"
  Interfaces:
    FastEthernet1/0
    GigabitEthernet0/0
    Loopback0
  Redistribution:
    None

R1#show ipv6 rip
RIP process "RIPV6", port 521, multicast-group FF02::9, pid 276
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 45, trigger updates 3
     Full Advertisement 1, Delayed Events 0
  Interfaces:
    FastEthernet1/0
    GigabitEthernet0/0
    Loopback0
  Redistribution:
    None

R1#show ipv6 route rip
IPv6 Routing Table - default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
R   2001::2/128 [120/3]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001:1:2:23::/64 [120/2]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001:1:2:34::/64 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0

!! Routing for Loopback interface of R2 !!
R1#show ipv6 route 2001::2
Routing entry for 2001::2/128
  Known via "rip RIPV6", distance 120, metric 3
  Route count is 1/1, share count 0
  Routing paths:
    FE80::C803:21FF:FE78:1C, FastEthernet1/0
      Last updated 00:23:15 ago
!! The routing entry is known via RIP process RIPV6; the administrative distance is 120 and the metric (hop count) is 3. The next hop is the link-local address (FE80::C803:21FF:FE78:1C) of the neighbor router's interface, reached via FastEthernet1/0. !!
R3#sh ipv6 int f1/0
FastEthernet1/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C803:21FF:FE78:1C

R1#ping 2001::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/82/136 ms

R1#traceroute 2001::2
Type escape sequence to abort.
Tracing the route to 2001::2

  1 2001:1:2:13::3 32 msec 56 msec 24 msec
  2 2001:1:2:23::2 60 msec 64 msec 84 msec

Similar tests can be run on the other routers to verify IPv6 routing.

R4#sh ipv6 route rip
IPv6 Routing Table - default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
R   2001::1/128 [120/2]
     via FE80::C800:27FF:FE54:8, GigabitEthernet0/0
R   2001::2/128 [120/3]
     via FE80::C803:21FF:FE78:8, GigabitEthernet1/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:8, GigabitEthernet1/0
R   2001:1:2:13::/64 [120/2]
     via FE80::C803:21FF:FE78:8, GigabitEthernet1/0
     via FE80::C800:27FF:FE54:8, GigabitEthernet0/0
R   2001:1:2:23::/64 [120/2]
     via FE80::C803:21FF:FE78:8, GigabitEthernet1/0

R3#show ipv6 route rip
IPv6 Routing Table - default - 12 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
R   2001::1/128 [120/2]
     via FE80::C800:27FF:FE54:1C, FastEthernet1/0
R   2001::2/128 [120/2]
     via FE80::C801:27FF:FE54:8, FastEthernet1/1
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
R   2001:1:2:14::/64 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
     via FE80::C800:27FF:FE54:1C, FastEthernet1/0


R2#show ipv6 route rip
IPv6 Routing Table - default - 10 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
R   2001::1/128 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::4/128 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:13::/64 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:14::/64 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:34::/64 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0

R2#ping 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/80/120 ms
R2#ping 2001::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/41/56 ms
R2#ping 2001::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/58/80 ms

RIPng Route Metric Manipulation

As the output above shows, traffic from R1 to R3 and R2 goes directly via R3, because that path has the lowest metric (hop count). We want it to go via R4 instead (i.e., R1 -> R4 -> R3 -> R2). We can do this by incrementing the metric on the link between R1 and R3. This feature is called metric-offset.

Routing before metric-offset

R1#show ipv6 route rip
<snip>
R   2001::2/128 [120/3]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001:1:2:23::/64 [120/2]
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0
R   2001:1:2:34::/64 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
     via FE80::C803:21FF:FE78:1C, FastEthernet1/0

R3#show ipv6 route rip
<snip>
R   2001::1/128 [120/2]
     via FE80::C800:27FF:FE54:1C, FastEthernet1/0
R   2001::2/128 [120/2]
     via FE80::C801:27FF:FE54:8, FastEthernet1/1
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
R   2001:1:2:14::/64 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
     via FE80::C800:27FF:FE54:1C, FastEthernet1/0

Metric-offset configuration

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface FastEthernet1/0
R1(config-if)# ipv6 rip RIPV6 metric-offset 3
R1(config-if)#end

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#interface FastEthernet1/0
R3(config-if)#ipv6 rip RIPV6 metric-offset 3
R3(config-if)#end

Routing after metric-offset

!! The metric for all routes learned via Fa1/0 has been incremented by 3, so the routes via Gig0/0 now have the lowest metric and are the best paths in the routing table. !!

R1#show ipv6 route rip
<snip>
R   2001::2/128 [120/4]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001::3/128 [120/3]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001:1:2:23::/64 [120/3]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0
R   2001:1:2:34::/64 [120/2]
     via FE80::C802:21FF:FE78:8, GigabitEthernet0/0

R1#ping 2001::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/60/80 ms

R1#traceroute 2001::2
Type escape sequence to abort.
Tracing the route to 2001::2

  1 2001:1:2:14::4 28 msec 36 msec 28 msec  <<<< R4
  2 2001:1:2:34::3 16 msec 76 msec 32 msec  <<<< R3
  3 2001:1:2:23::2 76 msec 68 msec 60 msec  <<<< R2


R3#show ipv6 route rip
<snip>
R   2001::1/128 [120/3]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
R   2001::2/128 [120/2]
     via FE80::C801:27FF:FE54:8, FastEthernet1/1
R   2001::4/128 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0
R   2001:1:2:14::/64 [120/2]
     via FE80::C802:21FF:FE78:1C, GigabitEthernet0/0

R3#ping 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/25/32 ms

R3#traceroute 2001::1
Type escape sequence to abort.
Tracing the route to 2001::1

  1 2001:1:2:34::4 24 msec 36 msec 16 msec  <<<< R4
  2 2001:1:2:14::1 60 msec 16 msec 28 msec  <<<< R1
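Why the offset moves the best path can be reproduced with a small distance-vector calculation. The Python code below is an added example, not from the original post. It assumes that each router advertises its connected prefixes with metric 1 and that the receiving interface adds its metric-offset (default 1); the topology and prefixes are taken from the configurations above.

```python
INFINITY = 16  # RIP metric that means "unreachable"

# Connected prefix per interface, from the router configurations on this page.
ROUTERS = {
    "R1": {"Lo0": "2001::1/128", "Gi0/0": "2001:1:2:14::/64",
           "Fa1/0": "2001:1:2:13::/64"},
    "R2": {"Lo0": "2001::2/128", "Fa0/0": "2001:1:2:23::/64"},
    "R3": {"Lo0": "2001::3/128", "Gi0/0": "2001:1:2:34::/64",
           "Fa1/0": "2001:1:2:13::/64", "Fa1/1": "2001:1:2:23::/64"},
    "R4": {"Lo0": "2001::4/128", "Gi0/0": "2001:1:2:14::/64",
           "Gi1/0": "2001:1:2:34::/64"},
}

# Each link joins two (router, interface) ends on the same segment.
LINKS = [
    (("R1", "Gi0/0"), ("R4", "Gi0/0")),
    (("R1", "Fa1/0"), ("R3", "Fa1/0")),
    (("R4", "Gi1/0"), ("R3", "Gi0/0")),
    (("R3", "Fa1/1"), ("R2", "Fa0/0")),
]


def converge(offsets=None):
    """Run synchronous distance-vector rounds until nothing changes.

    offsets maps (router, interface) to that interface's metric-offset.
    Returns {router: {prefix: (metric, set of outgoing interfaces)}}.
    """
    offsets = offsets or {}
    connected = {r: set(ifs.values()) for r, ifs in ROUTERS.items()}
    rip = {r: {} for r in ROUTERS}
    while True:
        # What each router advertises this round: learned routes plus
        # its connected prefixes at metric 1 (model assumption).
        adv = {}
        for r in ROUTERS:
            adv[r] = {p: m for p, (m, _ifs) in rip[r].items()}
            adv[r].update({p: 1 for p in connected[r]})
        new = {r: {} for r in ROUTERS}
        for end_a, end_b in LINKS:
            for (rx, rx_if), (tx, _tx_if) in ((end_a, end_b), (end_b, end_a)):
                offset = offsets.get((rx, rx_if), 1)
                for prefix, metric in adv[tx].items():
                    cost = metric + offset
                    if prefix in connected[rx] or cost >= INFINITY:
                        continue
                    best = new[rx].get(prefix)
                    if best is None or cost < best[0]:
                        new[rx][prefix] = (cost, {rx_if})
                    elif cost == best[0]:
                        best[1].add(rx_if)      # equal-cost path
        if new == rip:
            return rip
        rip = new


BEFORE = converge()
AFTER = converge({("R1", "Fa1/0"): 3, ("R3", "Fa1/0"): 3})

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for prefix, (metric, ifs) in sorted(table["R1"].items()):
            print(f"  R1  {prefix:20} [120/{metric}] via {sorted(ifs)}")
```

The metrics and outgoing interfaces it computes for R1, R2 and R3 match the `show ipv6 route rip` output before and after the offset was applied.
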

RIPng Route Aggregation/Summarization

We want to aggregate the following routes on R3, which are received from R4 and R1, and advertise a summary route to R2.

2001:1:2:34::/64
2001:1:2:14::/64
2001:1:2:13::/64

Summary route: these 3 routes have the first 48 bits in common (2001:1:2), so we can aggregate them as follows:

2001:1:2::/48

R2 routing table before route aggregation on R3

R2#show ipv6 route rip
<snip>
R   2001::1/128 [120/4]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::4/128 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:13::/64 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:14::/64 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2:34::/64 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0

Route aggregation configuration on R3

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#interface FastEthernet1/1
R3(config-if)#ipv6 rip RIPV6 summary-address 2001:1:2::/48
R3(config-if)#end


R2 routing table after route aggregation on R3

R2#show ipv6 route rip
<snip>
R   2001::1/128 [120/4]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::4/128 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2::/48 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
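A summary advertises reachability for every address under it, so it is worth checking how much address space it claims beyond the routes it replaces. As an added example (not from the original post), the Python code below computes the longest prefix that still covers the three routes, compares it with the /48 used here, and lists which entries in R2's table each summary replaces. The function names are this example's own.

```python
import ipaddress

# The three routes aggregated on R3, as listed on this page.
ROUTES = ["2001:1:2:34::/64", "2001:1:2:14::/64", "2001:1:2:13::/64"]

# R2's RIP routes before aggregation, from the output on this page.
R2_BEFORE = ["2001::1/128", "2001::3/128", "2001::4/128",
             "2001:1:2:13::/64", "2001:1:2:14::/64", "2001:1:2:34::/64"]


def tightest_summary(prefixes):
    """Longest single prefix that covers every network in prefixes."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits above the highest differing bit are common to all networks.
    length = 128 - (low ^ high).bit_length()
    shift = 128 - length
    return ipaddress.IPv6Network(((low >> shift) << shift, length))


def unaccounted_64s(summary, prefixes):
    """Count /64 subnets inside summary that no listed prefix accounts for.

    Assumes the summary and the prefixes are /64 or shorter and that the
    prefixes do not overlap each other.
    """
    summary = ipaddress.IPv6Network(summary)
    inside = [n for n in map(ipaddress.IPv6Network, prefixes)
              if n.subnet_of(summary)]
    total = 2 ** (64 - summary.prefixlen)
    return total - sum(2 ** (64 - n.prefixlen) for n in inside)


def replaced_by(summary, table):
    """Routes in table that fall under summary and are replaced by it."""
    summary = ipaddress.IPv6Network(summary)
    return [p for p in table if ipaddress.IPv6Network(p).subnet_of(summary)]


if __name__ == "__main__":
    tight = tightest_summary(ROUTES)
    for candidate in ("2001:1:2::/48", str(tight)):
        print(candidate,
              "extra /64s claimed:", unaccounted_64s(candidate, ROUTES),
              "replaces:", replaced_by(candidate, R2_BEFORE))
```

Both summaries replace the same three /64 routes and leave the loopback /128s untouched, but the /48 claims far more unused /64 subnets than the tightest covering prefix does.
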

RIPng Default Route

We want to advertise a default route to R2 from R3 so that R2 can send traffic for any unknown prefix to R3.

R2 Before default route configuration

R2#show ipv6 route ::/0
% Route not found

Default-route configuration on R3

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#interface FastEthernet1/1
R3(config-if)#ipv6 rip RIPV6 default-information originate
R3(config-if)#end

R2 after default route configuration

R2#show ipv6 route ::/0
Routing entry for ::/0
  Known via "rip RIPV6", distance 120, metric 2
  Route count is 1/1, share count 0
  Routing paths:
    FE80::C803:21FF:FE78:1D, FastEthernet0/0
      Last updated 00:02:11 ago

RIPng Route Filter

RIPng uses IPv6 prefix-lists to filter routing updates. You apply prefix-lists either inbound or outbound under the RIPng process configuration mode. You may choose to associate an interface with the distribute-list, or apply it to all interfaces simultaneously by not specifying an interface.

Let’s say we want R2 to filter R4’s Loopback0 IPv6 prefix from entering the local routing table.

R2 routing table before applying route filter

R2#show ipv6 route rip
<snip>
R   ::/0 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::1/128 [120/4]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::4/128 [120/3]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2::/48 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0

Configuration

!! Configure an IPv6 prefix-list to deny 2001::4/128 (R4's Loopback IP) and permit everything else. This prefix-list is applied under the RIPng process in the inbound direction !!

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ipv6 prefix-list FILTER deny  2001::4/128
R2(config)#ipv6 prefix-list FILTER permit ::/0 le 128
R2(config)#ipv6 router rip RIPV6
R2(config-rtr)# distribute-list prefix-list FILTER in
R2(config-rtr)#end

R2#show ipv6 route rip
<snip>
R   ::/0 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::1/128 [120/4]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001::3/128 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0
R   2001:1:2::/48 [120/2]
     via FE80::C803:21FF:FE78:1D, FastEthernet0/0

After applying the route filter, the routing entry for R4's Loopback IP is gone, but all other routes are still present in the routing table.

R2#ping 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/65/84 ms

 

 

BGP Outbound Route Filtering – ORF

When a customer connects a CE router to a provider PE router for BGP peering, there are limited options for which routes the CE can receive from the PE via BGP. Usually the service provider gives the customer the option of receiving the full BGP table, just a default route, or some specific prefixes, such as a default route plus the service provider's locally originated prefixes. Normally the service provider does not want to implement a complex outbound route filter policy for each customer, so the customer implements an inbound route filter policy to accept whichever prefixes they require.

From an administrative point of view, the service provider is happy, as they don't have to worry about change requests coming from the customer to add or remove prefixes in the provider-to-customer advertisements.

Similarly, the customer doesn't have to submit a change request to the service provider and can modify the inbound filter policy as required.

But from a resource usage point of view, this is not an optimal design. The provider router still sends the full BGP table (around 500k prefixes), and the customer router processes all of the BGP updates even though it ultimately wants to accept only a few prefixes (sometimes 1-2%) and deny all others.

Here, the BGP Outbound Route Filtering capability plays a significant role in optimizing this design without increasing the administrative overhead for the service provider of making frequent changes to the prefix filters for customer advertisements.

With the BGP ORF capability, the CE router dynamically tells the PE router which outbound filter the PE should use when advertising prefixes to the CE.

Let's configure this feature and see how it works. We will use the following network topology for this discussion.

[Figure: ORF network topology]

Here is the initial BGP configuration and status on both routers:

PE Router

- BGP peering is UP between the PE and CE routers
- PE is advertising the full BGP table to CE

R2#sh run | s bgp
router bgp 200
 bgp log-neighbor-changes
 network 0.0.0.0
 network 2.2.1.0 mask 255.255.255.0
 network 2.2.2.0 mask 255.255.255.0
 network 2.2.3.0 mask 255.255.255.0
 network 2.2.4.0 mask 255.255.255.0
 network 2.2.5.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 100

R2#sh ip bgp sum | b Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       5       6        7    0    0 00:01:39        0

R2#sh ip bgp
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 6

 

CE Router

- BGP peering is UP between the CE and PE routers
- CE is receiving the full BGP table from PE

R1#sh run | s bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 200

R1#sh ip bgp sum | b Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4          200      12      12       19    0    0 00:07:35        6

R1#sh ip bgp
BGP table version is 19, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.3.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.4.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.5.0/24       1.1.1.2                  0             0 200 i

Let's first apply an inbound filter on the CE router. The CE wants to accept only the prefixes below:

Default route + 2 specific prefixes
0.0.0.0/0
2.2.1.0/24
2.2.2.0/24

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER permit 0.0.0.0/0
R1(config)#ip prefix-list FILTER permit 2.2.1.0/24
R1(config)#ip prefix-list FILTER permit 2.2.2.0/24
R1(config)#
R1(config)#router bgp 100
R1(config-router)# neighbor 1.1.1.2 prefix-list FILTER in
R1(config-router)#
R1(config-router)#end
R1#
*Apr  8 12:09:58.667: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp * soft
R1#sh ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i

 

It appears our requirement is fulfilled, but something is not optimal behind the scenes. Let's debug the BGP advertisements.

PE is still advertising the full BGP table to CE.

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 6

We can see that before accepting the 3 required prefixes into its BGP table, the CE router processed all of the prefixes received from the PE and denied those not permitted by the inbound prefix-list applied to neighbor 1.1.1.2 on the CE router. Just imagine the resource usage if it were the actual full BGP table of 500K prefixes.

R1#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
R1#
R1#clear ip bgp 1.1.1.2
R1#
*Apr  8 12:15:10.551: BGP(0): no valid path for 0.0.0.0/0
*Apr  8 12:15:10.555: BGP(0): no valid path for 2.2.1.0/24
*Apr  8 12:15:10.559: BGP(0): no valid path for 2.2.2.0/24
*Apr  8 12:15:10.567: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down User reset
*Apr  8 12:15:10.571: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  User reset
*Apr  8 12:15:10.575: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0
*Apr  8 12:15:10.583: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.1.0/24
*Apr  8 12:15:10.591: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.2.0/24
*Apr  8 12:15:10.883: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up
*Apr  8 12:15:10.979: BGP(0): 1.1.1.2 rcvd UPDATE w/ attr: nexthop 1.1.1.2, origin i, metric 0, merged path 200, AS_PATH
*Apr  8 12:15:10.991: BGP(0): 1.1.1.2 rcvd 0.0.0.0/0
*Apr  8 12:15:10.995: BGP(0): 1.1.1.2 rcvd 2.2.1.0/24
*Apr  8 12:15:10.999: BGP(0): 1.1.1.2 rcvd 2.2.2.0/24
*Apr  8 12:15:11.003: BGP(0): 1.1.1.2 rcvd 2.2.3.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.007: BGP(0): 1.1.1.2 rcvd 2.2.4.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.011: BGP(0): 1.1.1.2 rcvd 2.2.5.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.015: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 1.1.1.2(global) to main IP table
*Apr  8 12:15:11.015: BGP(0): Revise route installing 1 of 1 routes for 2.2.1.0/24 -> 1.1.1.2(global) to main IP table
*Apr  8 12:15:11.019: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.0/24 -> 1.1.1.2(global) to main IP table

R1#sh ip bgp
BGP table version is 34, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i

Let's try the BGP ORF feature now.

CE Router - R1

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER permit 0.0.0.0/0
R1(config)#ip prefix-list FILTER permit 2.2.1.0/24
R1(config)#ip prefix-list FILTER permit 2.2.2.0/24
R1(config)#
R1(config)#router bgp 100
R1(config-router)#neighbor 1.1.1.2 capability orf prefix-list send
R1(config-router)# neighbor 1.1.1.2 prefix-list FILTER in
R1(config-router)#end
*Apr  8 12:22:38.879: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down Capability changed
*Apr  8 12:22:38.883: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  Capability changed
*Apr  8 12:22:39.391: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up


PE Router - R2

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 capability orf prefix-list receive
R2(config-router)#
*Apr  8 12:26:25.267: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down Capability changed
*Apr  8 12:26:25.271: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.1 IPv4 Unicast topology base removed from session  Capability changed
*Apr  8 12:26:25.955: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R2(config-router)#
R2(config-router)#end
R2#

Verification:

CE Router (R1) has negotiated ORF capability with neighbor router (PE R2) and sent the prefix-list ORF to PE neighbor. 

R1#sh ip bgp neighbors 1.1.1.2

<snip>

 For address family: IPv4 Unicast
  Session: 1.1.1.2
  BGP table version 46, neighbor version 46/0
  Output queue size : 0
  Index 7, Advertise bit 0
  7 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: advertised
      Receive-mode: received
  Outbound Route Filter (ORF): sent;
  Incoming update prefix filter list is FILTER

<snip>

PE Router (R2) has negotiated ORF capability with neighbor router (CE R1) and received the prefix-list ORF from CE neighbor.

R2#sh ip bgp neighbors 1.1.1.1

<snip>

 For address family: IPv4 Unicast
  Session: 1.1.1.1
  BGP table version 7, neighbor version 7/0
  Output queue size : 0
  Index 7, Advertise bit 0
  7 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: received
      Receive-mode: advertised
  Outbound Route Filter (ORF): received (3 entries)

<snip> 


R2#sh ip bgp neighbors 1.1.1.1 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 1.1.1.1: 3 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
R2#

!! -- You can see there is no local prefix-list in running configuration of R2 --!!

R2#sh ip prefix-list
R2#

!! -- Now R2 is advertising only those prefixes to neighbor which are permitted in ORF prefix-list --!! 

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 3

Let's debug BGP updates on R1 to see what it is receiving. It receives only the required prefixes from its neighbor, so no extra CPU resources are spent processing unnecessary updates.

R1#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast

R1#clear ip bgp 1.1.1.2
R1#
*Apr  8 13:10:36.119: BGP(0): no valid path for 0.0.0.0/0
*Apr  8 13:10:36.123: BGP(0): no valid path for 2.2.1.0/24
*Apr  8 13:10:36.123: BGP(0): no valid path for 2.2.2.0/24
*Apr  8 13:10:36.135: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down User reset
*Apr  8 13:10:36.139: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  User reset
*Apr  8 13:10:36.143: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0
*Apr  8 13:10:36.147: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.1.0/24
*Apr  8 13:10:36.155: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.2.0/24
R1#
*Apr  8 13:10:37.291: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up
*Apr  8 13:10:38.219: BGP(0): 1.1.1.2 rcvd UPDATE w/ attr: nexthop 1.1.1.2, origin i, metric 0, merged path 200, AS_PATH
*Apr  8 13:10:38.227: BGP(0): 1.1.1.2 rcvd 0.0.0.0/0
*Apr  8 13:10:38.231: BGP(0): 1.1.1.2 rcvd 2.2.1.0/24
*Apr  8 13:10:38.235: BGP(0): 1.1.1.2 rcvd 2.2.2.0/24
*Apr  8 13:10:38.239: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 1.1.1.2(global) to main IP table
*Apr  8 13:10:38.247: BGP(0): Revise route installing 1 of 1 routes for 2.2.1.0/24 -> 1.1.1.2(global) to main IP table
*Apr  8 13:10:38.247: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.0/24 -> 1.1.1.2(global) to main IP table
R1#

In the future, if the CE wants to receive one more prefix, 2.2.3.0/24, from the PE, it just has to modify its prefix-list.

!!-- Existing prefix-list --!!
R1#sh ip prefix-list
ip prefix-list FILTER: 3 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER seq 20 permit 2.2.3.0/24
R1(config)#
R1(config)#end
R1#
*Apr  8 13:15:03.579: %SYS-5-CONFIG_I: Configured from console by console

!!-- New prefix-list --!!
R1#sh ip prefix-list
ip prefix-list FILTER: 4 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
   seq 20 permit 2.2.3.0/24
R1#

R1#clear ip bgp 1.1.1.2 in ?
  prefix-filter  Push out prefix-list ORF and do inbound soft reconfig
  <cr>
R1#clear ip bgp 1.1.1.2 in prefix-filter


R2 has the updated prefix-filter now.

R2#sh ip bgp neighbors 1.1.1.1 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 1.1.1.1: 4 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
   seq 20 permit 2.2.3.0/24

R2 advertised prefixes based on the updated prefix-filter

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 4

R1 has the required prefixes in its BGP table. 

R1#sh ip bgp
BGP table version is 59, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.3.0/24       1.1.1.2                  0             0 200 i
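
To confirm that what R1 actually holds from its neighbor matches its own prefix-list, the two outputs above can be compared offline. The following is an added example, not part of the original post: the `ge`/`le` handling goes beyond the exact-match entries used here, and the function names are hypothetical.

```python
import ipaddress
import re

# Copied from the page: R1's prefix-list FILTER after seq 20 was added.
PREFIX_LIST = """\
ip prefix-list FILTER: 4 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
   seq 20 permit 2.2.3.0/24
"""

# Copied from the page: the route rows of R1's final "sh ip bgp".
BGP_TABLE = """\
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.3.0/24       1.1.1.2                  0             0 200 i
"""

ENTRY = re.compile(r"seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")
ROW = re.compile(r"\s*(\S*)\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+(\d+(?:\.\d+){3})\s")


def parse_prefix_list(text):
    """Return [(seq, action, network, min_len, max_len)] in sequence order."""
    entries = []
    for m in ENTRY.finditer(text):
        net = ipaddress.ip_network(m.group(3))
        ge, le = m.group(4), m.group(5)
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        entries.append((int(m.group(1)), m.group(2), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def classful_len(addr):
    """IOS omits the mask when it equals the classful one (0.0.0.0 is /0)."""
    if addr == "0.0.0.0":
        return 0
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_bgp_table(text):
    """Return [(network, next_hop)] for every row that names a network."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            length = int(m.group(3)) if m.group(3) else classful_len(m.group(2))
            rows.append((ipaddress.ip_network(f"{m.group(2)}/{length}"), m.group(4)))
    return rows


def permitted(prefix, entries):
    """First matching entry wins; no match means the implicit deny."""
    for _seq, action, net, lo, hi in entries:
        if lo <= prefix.prefixlen <= hi and prefix.subnet_of(net):
            return action == "permit"
    return False


def unpermitted(table_text, plist_text, neighbor):
    """Prefixes learned from `neighbor` that the prefix-list does not permit."""
    entries = parse_prefix_list(plist_text)
    return [str(p) for p, next_hop in parse_bgp_table(table_text)
            if next_hop == neighbor and not permitted(p, entries)]


if __name__ == "__main__":
    print(unpermitted(BGP_TABLE, PREFIX_LIST, "1.1.1.2"))
```

An empty list means every prefix learned from 1.1.1.2 is covered by a permit entry.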

Test AAA Server on Cisco ASA and IOS Devices

When we configure AAA on a Cisco ASA or any IOS device (router or switch), it is good practice to confirm that the configuration is correct and that the server is available and responding correctly.

Cisco IOS:

Radius Server IP Address: 10.1.2.3
Username: amolak
Password: password123

ROUTER-1#test aaa group radius server 10.1.2.3 amolak password123 legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated.

ROUTER-1#test aaa group radius server 10.1.2.3 amolak wrongpassword legacy  
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.

Cisco ASA:

Radius Servers Group Name: RADIUS-SERVERS
Radius Server IP Address: 10.1.2.3
Username: amolak
Password: password123

ASA-1# test aaa-server authentication RADIUS-SERVERS
Server IP Address or name: 10.1.2.3
Username: amolak
Password: password123
INFO: Attempting Authentication test to IP address <10.1.2.3> (timeout: 12 seconds)
INFO: Authentication Successful

ASA-1# test aaa-server authentication RADIUS-SERVERS
Server IP Address or name: 10.1.2.3
Username: amolak
Password: wrongpassword
INFO: Attempting Authentication test to IP address <10.1.2.3> (timeout: 12 seconds)
ERROR: Authentication Rejected: AAA failure

Note that you can choose the group or a specific server in the group. This makes it possible to check that all servers in the group are working.

BGP Default Route

We will discuss the different ways to advertise a default route in BGP, using the following network topology.

[Figure: bgp-default-route topology]

1. default-information originate

A default route can be injected into BGP with the command ‘default-information originate’. The following conditions must be fulfilled to use this method.

– A default route must be in the local routing table.
– The default route must be redistributed into BGP.
– Add ‘default-information originate’ under router bgp <ASN>.

Here is the initial configuration and BGP status on all routers.

R1

R2

R3

R4

Let’s first try to add a static default route and redistribute it into BGP on R1.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 null0
R1(config)#router bgp 100
R1(config-router)#redistribute static
R1(config-router)#
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 redistribute static
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1(config-router)#do sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0 (connected), candidate default path
  Redistributing via bgp 100
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 0, traffic share count is 1
R1(config-router)#
R1(config-router)#do sh ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1(config-router)#

R1 is not yet advertising a default route into BGP, which shows that simply redistributing a default route into BGP is not enough. Let’s add ‘default-information originate’ under BGP.

R1(config-router)#router bgp 100
R1(config-router)#default-information originate
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 redistribute static
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
 default-information originate
R1(config-router)#do sh ip bgp
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 ?
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1(config-router)#

Now you can see that all BGP peers (iBGP and eBGP) are receiving the default route from R1.

R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1               0             0 100 ?
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:02:25 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:02:25 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R2#
R3#sh ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          13.13.13.1               0             0 100 ?
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 300", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 13.13.13.1 00:04:36 ago
  Routing Descriptor Blocks:
  * 13.13.13.1, from 13.13.13.1, 00:04:36 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#
R4#sh ip bgp
BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 0.0.0.0          14.14.14.1               0    100      0 ?
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path, type internal
  Last update from 14.14.14.1 00:05:21 ago
  Routing Descriptor Blocks:
  * 14.14.14.1, from 14.14.14.1, 00:05:21 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: none

 

2. network 0.0.0.0

A default route can be injected into BGP by configuring ‘network 0.0.0.0’ under BGP, provided a default route is available in the router’s local routing table.

The following conditions must be fulfilled to use this method.

– A default route must be in the local routing table.
– Add ‘network 0.0.0.0’ under router bgp <ASN>

Let’s remove the previously configured ‘default-information originate’ and ‘redistribute static’ commands and use ‘network 0.0.0.0’.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#no default-information originate
R1(config-router)#no redistribute static
R1(config-router)#network 0.0.0.0
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 0.0.0.0
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1(config-router)#end
R1#sh ip
*Mar 24 11:42:36.623: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1#

Let’s verify the BGP table and default route on the peer routers.

R2#sh ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1               0             0 100 i
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:01:54 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:01:54 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#sh ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          13.13.13.1               0             0 100 i
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 300", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 13.13.13.1 00:02:17 ago
  Routing Descriptor Blocks:
  * 13.13.13.1, from 13.13.13.1, 00:02:17 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R4#sh ip bgp
BGP table version is 10, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 0.0.0.0          14.14.14.1               0    100      0 i
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path, type internal
  Last update from 14.14.14.1 00:03:06 ago
  Routing Descriptor Blocks:
  * 14.14.14.1, from 14.14.14.1, 00:03:06 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: none

 

3. neighbor x.x.x.x default-originate

If you want to advertise a default route only to a specific peer, use this method.

– Add ‘neighbor x.x.x.x default-originate’ under router bgp <ASN>.
– It does not even check for the existence of a default route in the IP routing table.
– The ‘default-information originate’ command should not be configured with the ‘neighbor x.x.x.x default-originate’ command on the same router.

Let’s remove the previously configured commands.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip route 0.0.0.0 0.0.0.0 Null0
R1(config)#router bgp 100
R1(config-router)#no  network 0.0.0.0
R1(config-router)#end
R1#sh run
*Mar 24 11:50:22.479: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1#sh ip route 0.0.0.0
% Network not in table
R1#sh ip bgp
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Now advertise a default route only to R2.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 default-originate
R1(config-router)#end
R1#s
*Mar 24 11:53:46.471: %SYS-5-CONFIG_I: Configured from console by consoleh
R1#sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 12.12.12.2 default-originate
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1#clear ip bgp 12.12.12.2 soft
R1#sh ip bgp
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1#sh ip route 0.0.0.0
% Network not in table
R1#

Notice that there is no default route in R1’s local routing table, and the BGP table shows no best route (no *> status) for the 0.0.0.0 network.

Let’s verify what R1 is advertising to its peers.

R1#sh ip bgp neighbors 12.12.12.2 advertised-routes
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Originating default network 0.0.0.0

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Total number of prefixes 3

R1#sh ip bgp neighbors 13.13.13.3 advertised-routes
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Total number of prefixes 4

## No default route advertised to R3(13.13.13.3)

Finally, verify BGP table and routing table on all peer routers.

R2#sh ip bgp
BGP table version is 14, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1                             0 100 i
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:08:27 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:08:27 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#sh ip bgp
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
% Network not in table
R4#sh ip bgp
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
% Network not in table
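
The three methods differ in who receives the default route and in whether the originating router needs one itself. The following added example (not from the original post) models only the conditions stated above, to audit a `router bgp` section; the function name and the `rib_default_source` parameter are hypothetical.

```python
import re

# Copied from the page: R1's BGP section before any default-route command.
BASE = """\
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
"""


def audit_default_origination(bgp_section, rib_default_source=None):
    """Return {neighbor: finding} for every peer that is sent 0.0.0.0/0.

    rib_default_source is the protocol that installed 0.0.0.0/0 in the
    local routing table ("static", ...), or None when there is no default.
    Outbound filters and route-maps are not modelled (assumption).
    """
    lines = {" ".join(l.split()) for l in bgp_section.splitlines()}
    neighbors = sorted(
        m.group(1) for l in lines
        if (m := re.fullmatch(r"neighbor (\S+) remote-as \d+", l))
    )
    has_default = rib_default_source is not None
    redistributed = has_default and any(
        l == f"redistribute {rib_default_source}"
        or l.startswith(f"redistribute {rib_default_source} ")
        for l in lines
    )

    # Methods 1 and 2 apply to every peer and need a default in the RIB.
    global_method = None
    if has_default and "network 0.0.0.0" in lines:
        global_method = ("network 0.0.0.0", "i")
    elif redistributed and "default-information originate" in lines:
        global_method = ("default-information originate", "?")

    findings = {}
    for peer in neighbors:
        if global_method:
            method, origin = global_method
        elif f"neighbor {peer} default-originate" in lines:
            # Method 3: per peer, sent even with no default in the RIB.
            method, origin = "neighbor default-originate", "i"
        else:
            continue
        findings[peer] = {
            "method": method,
            "origin": origin,
            # False means the peer installs a default toward a router
            # that has no default route of its own.
            "rib_has_default": has_default,
        }
    return findings


if __name__ == "__main__":
    method3 = BASE + " neighbor 12.12.12.2 default-originate\n"
    for peer, finding in audit_default_origination(method3).items():
        print(peer, finding)
```

For the method 3 configuration it reports only 12.12.12.2 with `rib_has_default` set to False, which matches the outputs above: R2 installs 0.0.0.0/0 via 12.12.12.1 while R1 shows "% Network not in table".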