Prerequisites: CCNP level skills.
BGP Default Communities
- internet - Advertise this route to the Internet community. All routers belong to it.
- no-export - Do not advertise this route to eBGP peers (real BGP peers).
- no-advertise - Do not advertise this route to any peer (internal or external).
- local-as - Do not advertise this route to peers outside the local autonomous system. This route will not be advertised to other autonomous systems or sub-autonomous systems when confederations are configured.
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html#wp1001855
Topology
Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl
Task 1
Configure AS 123 so that it accepts the BGP communities from AS 40. The routers in AS 123 must apply local preference=200 to all prefixes that use the community 123:200.
Task 2
Given the policy in Task 1, configure R4 so that the traffic from AS 50 towards 172.16.104.0/24 is received from R1, and the traffic towards 172.16.144.0/24 is received from R2.
Task 3
Configure the routers in AS 123 so that all other communities starting with 123: are removed from all incoming prefixes. Configure R4 to advertise additional communities alongside the ones stipulated in Task 2, and verify that the routers in AS 123 remove them successfully.
Solution
Task 1
Configure AS 123 so that it accepts the BGP communities from AS 40. The routers in AS 123 must apply local preference=200 to all prefixes that use the community 123:200.
R1 Configuration:
!
ip bgp-community new-format
ip community-list 1 permit 123:200
!
route-map COMMUNITY_POLICY permit 10
match community 1
set local-preference 200
!
route-map COMMUNITY_POLICY permit 999
!
router bgp 123
no synchronization
bgp router-id 172.16.101.1
bgp log-neighbor-changes
network 172.16.101.0 mask 255.255.255.0
neighbor 10.1.13.3 remote-as 123
neighbor 10.1.13.3 next-hop-self
neighbor 10.1.14.4 remote-as 40
neighbor 10.1.14.4 route-map COMMUNITY_POLICY in
no auto-summary
!
R2 Configuration:
!
ip bgp-community new-format
ip community-list 1 permit 123:200
!
route-map COMMUNITY_POLICY permit 10
match community 1
set local-preference 200
!
route-map COMMUNITY_POLICY permit 999
!
router bgp 123
no synchronization
bgp router-id 172.16.102.2
bgp log-neighbor-changes
network 172.16.102.0 mask 255.255.255.0
neighbor 10.1.23.3 remote-as 123
neighbor 10.1.23.3 next-hop-self
neighbor 10.1.24.4 remote-as 40
neighbor 10.1.24.4 route-map COMMUNITY_POLICY in
no auto-summary
!
Task 2
Given the policy in Task 1, configure R4 so that the traffic from AS 50 towards 172.16.104.0/24 is received from R1, and the traffic towards 172.16.144.0/24 is received from R2.
R4 Configuration:
!
ip bgp-community new-format
!
ip prefix-list LOOPBACK0 seq 5 permit 172.16.104.0/24
ip prefix-list LOOPBACK1 seq 5 permit 172.16.144.0/24
!
route-map COMMUNITY_TO_R1 permit 10
match ip address prefix-list LOOPBACK0
set community 123:200
!
route-map COMMUNITY_TO_R1 permit 999
!
route-map COMMUNITY_TO_R2 permit 10
match ip address prefix-list LOOPBACK1
set community 123:200
!
route-map COMMUNITY_TO_R2 permit 999
!
router bgp 40
no synchronization
bgp router-id 172.16.104.4
bgp log-neighbor-changes
network 172.16.104.0 mask 255.255.255.0
network 172.16.144.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 123
neighbor 10.1.14.1 send-community
neighbor 10.1.14.1 route-map COMMUNITY_TO_R1 out
neighbor 10.1.24.2 remote-as 123
neighbor 10.1.24.2 send-community
neighbor 10.1.24.2 route-map COMMUNITY_TO_R2 out
no auto-summary
!
As always, when changing policy for outbound updates issue: 'clear ip bgp * out'.
Verification:
Pic. 2 - R1's Detailed Prefix.
Pic. 3 - R2's Detailed Prefix.
Pic. 4 - Traceroute from R5.
Task 3
Configure the routers in AS 123 so that all other communities starting with 123: are removed from all incoming prefixes. Configure R4 to advertise additional communities alongside the ones stipulated in Task 2, and verify that the routers in AS 123 remove them successfully.
R4 Configuration (applying extra community number to test config)
!
route-map COMMUNITY_TO_R1 permit 10
match ip address prefix-list LOOPBACK0
set community 123:100 123:200 123:500 600:100 additive
!
route-map COMMUNITY_TO_R2 permit 10
match ip address prefix-list LOOPBACK1
set community 123:100 123:200 123:500 600:100 additive
!
Then, 'clear ip bgp * out'
Verification:
Pic. 5 - R1's Multiple Communities Added.
R1 Configuration:
!
ip community-list expanded REMOVE deny 123:200
ip community-list expanded REMOVE permit 123:.*
!
route-map COMMUNITY_POLICY permit 10
match community 1
set local-preference 200
set comm-list REMOVE delete
!
route-map COMMUNITY_POLICY permit 999
!
Verification:
Pic. 7 - Result on R1.
As stipulated in Tasks 2 and 3, the community 123:200 is not removed and is used to apply the local preference of 200. The other communities starting with 123: have been removed. Communities outside that range (here: 600:100) have not been removed.
R2 Configuration:
!
ip community-list expanded REMOVE deny 123:200
ip community-list expanded REMOVE permit 123:.*
!
route-map COMMUNITY_POLICY permit 10
match community 1
set local-preference 200
set comm-list REMOVE delete
!
route-map COMMUNITY_POLICY permit 999
!
Verification:
Pic. 7 - Result on R2.
Similarly to R1, R2 removes all communities with 123: numbers except for 123:200, which is used to apply the local preference 200 to the prefix.
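The inbound scrubbing policy from Task 3, modelled offline as an added example (not part of the original lab and not IOS code): it walks received communities through the REMOVE list and the COMMUNITY_POLICY route-map as written above, and shows two cases the lab does not test, a prefix that lacks 123:200 and communities that only contain the configured strings. Assumptions: Python's re.search stands in for the unanchored IOS regex match, each community is checked against the list individually, and the names REMOVE_ANCHORED, selected_for_delete, community_policy and delete_in_seq_999 are hypothetical.

```python
import re

# The page's expanded list REMOVE: entries are checked in order, first match wins.
REMOVE = [("deny", r"123:200"), ("permit", r"123:.*")]
# Anchored variant: an assumption added here, not a list from the page.
REMOVE_ANCHORED = [("deny", r"^123:200$"), ("permit", r"^123:[0-9]+$")]


def selected_for_delete(comm_list, community):
    """True if the first entry whose regex matches this community is a permit."""
    for action, pattern in comm_list:
        if re.search(pattern, community):  # unanchored search
            return action == "permit"
    return False  # implicit deny: the community is left in place


def community_policy(communities, comm_list, delete_in_seq_999=False):
    """Model route-map COMMUNITY_POLICY for one received prefix.

    Returns (local_preference, communities kept). 100 is the IOS default
    local preference, used when sequence 10 does not match.
    """
    def scrub(comms):
        return [c for c in comms if not selected_for_delete(comm_list, c)]

    if "123:200" in communities:        # permit 10: match community 1
        return 200, scrub(communities)  # set local-preference + comm-list delete
    # permit 999: no match clause and, as written on the page, no set clause
    return 100, scrub(communities) if delete_in_seq_999 else list(communities)


# Constructed sample inputs (not captured from the lab routers).
LAB_PREFIX = ["123:100", "123:200", "123:500", "600:100"]  # as sent by R4 in Task 3
NO_TRIGGER = ["123:500", "600:100"]                        # lacks 123:200
LOOKALIKES = ["123:200", "123:2000", "5123:100"]           # substring matches

if __name__ == "__main__":
    for comms in (LAB_PREFIX, NO_TRIGGER, LOOKALIKES):
        print(comms, "->", community_policy(comms, REMOVE))
    print(community_policy(NO_TRIGGER, REMOVE, delete_in_seq_999=True))
    print(community_policy(LOOKALIKES, REMOVE_ANCHORED))
```

With the route-map as written, a prefix that does not carry 123:200 falls through to sequence 999 and keeps its other 123: communities; adding 'set comm-list REMOVE delete' under sequence 999 as well covers that case. The unanchored patterns also keep 123:2000 and strip 5123:100, which the anchored variant avoids.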