i configured bgp on both routers as you did before redistributing bgp routes.
i recevied prefix in sh ip bgp summary
emma#sh ip bgp sum
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 1, main routing table version 6
0 network entries using 0 bytes of memory
0 path entries using 0 bytes of memory
0/0 BGP path/bestpath attribute entries using 0 bytes of memory
0 BGP AS-PATH entries using 0 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 32 total bytes of memory
BGP activity 0/0 prefixes, 0/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.2 4 2 4 4 1 0 0 00:02:35 4
Rudolf,
Although it is best practice to do so, explicitly defining the BGP router-id isnât required. If you donât define it manually, BGP will take the highest IPv4 address of a loopback, then active interface (in that order).
I took a break after passing my CCNA. However, iks a good thing I am starting to get at this again as I see a little rust. I currently work in networking and IT but while learning helps that its not the reverse and I am often just working on specific projects not to mention the majority is Brocade (uggglol). Anyway Ia m back and found this post to be easy to understand and hope to get back into the grind again.
shantel
(Shantel - Networklessons.com)
Split this topic
27
Hello Rene,
I seem to be having a problem with some of your labs, specifically where you have to configure a loopback. I keep getting a bad mask /24 when I try to configure loopbacks on my routers. I cannot get this lab to work. My router will not accept 1.1.1.0 /24. I tried the ip subnet-zero command but it doesnât work either. Any suggestions/ideas?
one question regarding the MD5 authentication.
If enabled, does this mean that MD5 will hash all TCP packets together with the password configured, then it is send and the other router knowing the same password can recalculate the same hash thus knowing its a legitimate packet?
When you enable MD5 authentication for BGP, each TCP segment is verified with MD5. Both routers know the same password so when they calculate the hash for a segment and it matches with what the other peer sent, we know that itâs a legitimate packet.
For a detailed explanation of what/when is checked exactly, take a look at this RFC:
R3#sh run | sec bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 3.3.2.1
network 3.3.3.2
neighbor 172.16.0.1 remote-as 100
no auto-summary
R1 BGP:
R1#sh run | sec bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.2.1
network 1.1.3.1
neighbor 172.16.0.2 remote-as 100
neighbor 192.168.0.1 remote-as 200
no auto-summary
R1 BGP routes:
R1#sh ip bgp summary
BGP router identifier 1.1.3.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.0.2 4 100 52 53 1 0 0 00:16:53 0
192.168.0.1 4 200 56 56 1 0 0 00:22:26 0
R1 Routing Table:
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.3.0/24 is directly connected, Loopback1
C 1.1.2.1/32 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, FastEthernet0/1
C 192.168.0.0/24 is directly connected, FastEthernet0/0
In practical, when peering EBGP with service provider what would be the proper ACL that apply to the edge router from enterprise user perspective? Could you provide some example on this please?
Network edge security is an issue that is much more involved than just the implementation of an ACL at the edge of your network. There is a whole discipline behind securing the network edge. Some links that may help you include:
To achieve eBGP peerings I have placed static routes onto r1, r2, r3 which has brought the peering up with the add of multi-hop. : ) The question is, on reading online it mentions that in the CCIE lab static routes would not be perferred. Therefore what other options would I have. The only other option I can see is to extend OSPF or should I be using different routing protocols perform route redistrbution.
In order for BGP peerings to take place, peers must have a routing path to each other. This can be done either via static routing, as you have done, or by implementing a dynamic IGP routing protocol. If there is no functional path between BGP peers, BGP peering will not form.
Static routing is a solution, but because it cannot adjust to changing topologies due to failure or modifications, BGP peering could be lost. The best would be to use a dynamic IGP protocol internally between routers on the same AS.
When you implement an IGP, it should be contained within a single AS. You should not have the same OSPF instance spanning multiple ASâes. For example, you should configure R1, R2, and R3 to be running OSPF between them, and then configure R4 and R5 to run OSPF between them. No redistribution between the ASâes should be configured. All routing that has to take place between the ASâes should be taken care of by eBGP.
There is no inbound policies in R2 (anyway inbound policies apply between adj-RIB-in and loc-RIB)
I suppose this is because R2 find his own AS (65100) in AS_PATH
How do i solve this issue if i want that R2 knows this prefix ?
I read in a blog that this lab should work and R2 should receive this prefix with next-hop of R1 (and not R3) because eBGP is doing optimization (eBGP sessions are in the same subnet).
In my lab that is not working at all
Regards
