Lab 117 - BGP Community Policy - Learn Cisco

Post Top Ad

Lab 117 - BGP Community Policy

Prerequisites: CCNP level skills.

BGP Default Communities
  • internet - Advertise this route to the Internet community. All routers belong to it.
  • no-export - Do not advertise this route to eBGP peers (real BGP peers).
  • no-advertise - Do not advertise this route to any peer (internal or external).
  • local-as - Do not advertise this route to peers outside the local autonomous system. This route will not be advertised to other autonomous systems or sub-autonomous systems when confederations are configured.
source:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html#wp1001855

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
Configure AS 123 so that it accepts the BGP communities from AS 40. The routers in AS 123 must apply local preference=200 to all prefixes that use the community 123:200.

Task 2
Given the policy in Task 1, configure R4 so that the  traffic from AS 50 towards 172.16.104.0/24 is received from R1, and the traffic towards 172.16.144.0/24 is received from R2.

Task 3
Configure the routers in AS 123, so that all other communities starting with number 123: are removed from all incoming prefixes. Configure R4 to advertise additional community to the ones stipulated in Task 2 and verify that the routers in AS 123 remove them successfully.

Solution

Task 1
Configure AS 123 so that it accepts the BGP communities from AS 40. The routers in AS 123 must apply local preference=200 to all prefixes that use the community 123:200.

R1 Configuration:
!
ip bgp-community new-format
ip community-list 1 permit 123:200
!
route-map COMMUNITY_POLICY permit 10
 match community 1
 set local-preference 200
!
route-map COMMUNITY_POLICY permit 999
!
router bgp 123
 no synchronization
 bgp router-id 172.16.101.1
 bgp log-neighbor-changes
 network 172.16.101.0 mask 255.255.255.0
 neighbor 10.1.13.3 remote-as 123
 neighbor 10.1.13.3 next-hop-self
 neighbor 10.1.14.4 remote-as 40
 neighbor 10.1.14.4 route-map COMMUNITY_POLICY in
 no auto-summary
!

R2 Configuration:
!
ip bgp-community new-format
ip community-list 1 permit 123:200
!
route-map COMMUNITY_POLICY permit 10
 match community 1
 set local-preference 200
!
route-map COMMUNITY_POLICY permit 999
!
router bgp 123
 no synchronization
 bgp router-id 172.16.102.2
 bgp log-neighbor-changes
 network 172.16.102.0 mask 255.255.255.0
 neighbor 10.1.23.3 remote-as 123
 neighbor 10.1.23.3 next-hop-self
 neighbor 10.1.24.4 remote-as 40
 neighbor 10.1.24.4 route-map COMMUNITY_POLICY in
 no auto-summary
!

Task 2
Given the policy in Task 1, configure R4 so that the  traffic from AS 50 towards 172.16.104.0/24 is received from R1, and the traffic towards 172.16.144.0/24 is received from R2.

R4 Configuration:
!
ip bgp new-format
!
ip prefix-list LOOPBACK0 seq 5 permit 172.16.104.0/24
ip prefix-list LOOPBACK1 seq 5 permit 172.16.144.0/24
!
route-map COMMUNITY_TO_R1 permit 10
 match ip address prefix-list LOOPBACK0
 set community 123:200
!
route-map COMMUNITY_TO_R1 permit 999
!
route-map COMMUNITY_TO_R2 permit 10
 match ip address prefix-list LOOPBACK1
 set community 123:200
route-map COMMUNITY_TO_R2 permit 999
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 network 172.16.144.0 mask 255.255.255.0
 neighbor 10.1.14.1 remote-as 123
 neighbor 10.1.14.1 send-community
 neighbor 10.1.14.1 route-map COMMUNITY_TO_R1 out
 neighbor 10.1.24.2 remote-as 123
 neighbor 10.1.24.2 send-community
 neighbor 10.1.24.2 route-map COMMUNITY_TO_R2 out
 no auto-summary
!

As always, when changing policy for outbound updates issue: 'clear ip bgp * out'.

Verification:
Pic. 2 - R1's Detailed Prefix.
Pic. 3 - R2's Detailed Prefix.
Pic. 4 - Traceroute from R5.

Task 3
Configure the routers in AS 123, so that all other communities starting with number 123: are removed from all incoming prefixes. Configure R4 to advertise additional community to the ones stipulated in Task 2 and verify that the routers in AS 123 remove them successfully.

R4 Configuration (applying extra community number to test config)
!
route-map COMMUNITY_TO_R1 permit 10
 match ip address prefix-list LOOPBACK0
 set community 123:100 123:200 123:500 600:100 additive
!
route-map COMMUNITY_TO_R2 permit 10
 match ip address prefix-list LOOPBACK0
 set community 123:100 123:200 123:500 600:100 additive
!

Then, 'clear ip bgp * out'

Verification:
Pic. 5 - R1's Multiple Communities Added.

Pic. 6 - R2's Multiple Communities Added.
R1 Configuration:
!
ip community-list expanded REMOVE deny 123:200
ip community-list expanded REMOVE permit 123:.*
!
route-map COMMUNITY_POLICY permit 10
 match community 1
 set local-preference 200
 set comm-list REMOVE delete
!
route-map COMMUNITY_POLICY permit 999
!

Verification:
Pic. 7 - Result on R1.

Notice!
As per stipulations in TASK 2/3 the community 123:200 is not removed and applies the local preference of 200. The communities starting with 123: have been removed. Other communities (here: 600:100), have not been removed.

R2 Configuration:
!
ip community-list expanded REMOVE deny 123:200
ip community-list expanded REMOVE permit 123:.*
!
route-map COMMUNITY_POLICY permit 10
 match community 1
 set local-preference 200
 set comm-list REMOVE delete
!
route-map COMMUNITY_POLICY permit 999
!

Verification:
Pic. 7 - Result on R2.

Notice!
Similarly to R1, R2 removes all communities with 123: numbers except for 123:200 which is used to apply the local preference 200 to the prefix.

Post Top Ad