BGP Configuration (part 1)

(I’ll try to update the old article here…and I’ll try to explain it in English…just for style)

Today we learn how to set up a basic BGP configuration, covering:

  • e-BGP
  • i-BGP (with loopback)
  • BGP Full Mesh
  • peer-group
  • BGP authentication
  • BGP Summarization

The topology we use throughout this article looks like this

Note: the IP scheme is 192.168.XX.X, where XX combines the numbers of the two routers; for example, R2 and R3 would be 192.168.23.2 and 192.168.23.3

We use OSPF as the IGP (internal protocol) in AS 1

I assume you already have a good understanding of basic IP configuration on a Cisco router…

I’ll try to explain step by step…including the errors, notes, and important details that I learned while configuring basic BGP

================================================

Configuring e-BGP

e-BGP (external BGP) = connecting different BGP ASes (Autonomous Systems)

We configure R1 and R5

Wait a little longer (10-20s)…BGP Convergence is verrrry slooow

To see the list of BGP neighbors, we can use show ip bgp summary

To run eBGP WITHOUT a direct connection…we must use eBGP-multihop (we’ll talk about it in the next parts)

================================================

Configuring i-BGP

i-BGP (internal BGP) = connecting BGP routers within an AS

We configure R1 and R3

If R1 peers within the AS (i-BGP), we must check whether a route to the destination peer exists in the routing table (show ip route)

Of course…how would R1 know how to deliver the BGP packet (the peering request to R3) if it doesn’t know where to send the packet ?!? *face palm*

So…one of the differences between e-BGP and i-BGP is that i-BGP peers do not need to be directly connected

Configuring i-BGP with Loopback

The question is…if the physical link goes down…the BGP peering goes down with it, right ?!?

There are 2 answers: add another physical link to the BGP neighbor table, or (the easiest one)…add a loopback IP

A loopback interface never goes down (remember…this interface is virtual); it only goes down if the router itself goes down

As long as the routers know how to send packets to the loopback IP (learned via an IGP such as OSPF), the neighborship and peering will be fine

To configure i-BGP with a loopback, first delete the neighborship that uses the physical interface (no neighbor [physical IP] remote-as [AS Number])

The keyword is update-source [interface]

Let’s verify the list of neighbors

=====================================================

BGP Full Mesh

Now…R1 peers with R5 (e-BGP) and with R3 (i-BGP)

The next question is…will R3 reach R5 without extra configuration ?!?

Both R3 and R5 connect to R1. For R3 to reach R5 (or R5 to reach R3), R1 must advertise the route to both routers. Let’s see if R1 advertises route 10.10.15.1 to R3 (show ip bgp)

The rule for advertising a route is the same as for i-BGP peering…the router must know the route to the destination

Looking at the configuration above, maybe one or two of us will ask the same question

Why does 23.0 use a mask…and 34.0 not ?!? The answer is…it doesn’t matter, the result is the same

If we advertise a network WITHOUT a mask…BGP will assume that route is classful (and 192.168.34.0 is classful, right ?!? A Class C IP)

Note…if we use network 0.0.0.0 mask 0.0.0.0 (some of you will do it out of laziness…JUST ADD ALL !! haha)

The result is not what you are thinking…the router will advertise the DEFAULT ROUTE !!! (just think about it…0.0.0.0 0.0.0.0 is the default route, right ?!?)

So…the way we handle advertised routes in BGP is different from an IGP such as OSPF

Now let’s see if R3 gets the advertised route (R5 will get the same result)…

Let’s ping

The ping to R5 at 10.10.15.5 succeeds, but will it be the same if R3 pings one of R5’s loopback IPs, such as 5.5.5.5 ?!?

Why does this happen ?? When R3 pings 10.10.15.5, which is R5, R1 knows where to route the packet (directly connected, it exists in R1’s routing table)

But when R3 pings R5’s loopback IP 5.5.5.5…let’s look at R1’s routing table

Now we know the problem (5.5.5.5 doesn’t exist in R1’s routing table)…so what is the solution ?!?

Because R1 doesn’t know how to route the packet…we must add a static route to R5’s loopback IP, then check that the static route exists in the routing table, advertise it using BGP, and check using show ip bgp

Let’s check on R3…will it be able to ping the loopback IP on R5 ?!?

Unreachable…the packets stop at R2 (23.2) and R4 (34.4)

Why does this happen ?!? Because R2 and R4 don’t know where to route the packets !!! (of course…they don’t know where the F*** 5.5.5.5 is !!!)

The solution ?!? Make R2 (and R4) run BGP too (5.5.5.5 is learned via BGP, right ?!?)

To ensure a proper BGP implementation, must we configure all routers to run BGP? Is it like any other routing protocol?

Yes, just like EIGRP and OSPF, BGP is another type of routing protocol, right ?!? But this protocol is more suitable in an ISP environment

Note: the same config applies to R4, R3, R1

Let’s see…

But…there is a question…i-BGP peers don’t need to be directly connected, yet now we connect all of them

Isn’t it a waste of energy and time ?!?! Yes…this is what we call i-BGP Full Mesh

So…imagine if there are more than 4 routers…

The formula is n(n-1)/2, where n = the total number of routers

So…if there are 25 routers…it would be 600 peerings !!!

To overcome this complicated BGP behavior…BGP has features called Route-Reflector and Route Confederation (we’ll configure them later)

=========================================

BGP Peer-Group

Imagine you type all this…

To reduce that repetition…BGP has a feature called Peer-Group

Let me show you an example

============================================================================

BGP Authentication

It’s quite simple (let’s keep it simple though wkwkwk)

BGP authentication uses MD5 by default

===========================================================================

BGP Summarization

BGP auto-summarization is off by default

BGP summarizes routes using the aggregate command

Let’s advertise the loopback IPs from R5

Let’s look on R1

Don’t worry about 5.0.0.0 below 3.3.3.3; I advertised a static route into BGP, remember…that’s why that network exists

To shrink the routing table and the “show ip bgp” table, we must use route aggregation on R5

Let’s see the effect on R1

Whoops…nothing changed…except there is a “*> ” entry…a blank network

So…we must add a little keyword here (summary-only)

And the effect…

Yuppp…it works…

See the last line…S 5.0.0.0 [1/0]…it’s static (S)…not BGP (B), why ?!? Because the static route’s AD (Administrative Distance) is better than BGP’s

So…can it be pinged ?!?…yes, sure it can
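
The two aggregation steps above, written out as an added example; it is not the original post's configuration. It assumes R5 is in AS 5 and has four /24 loopbacks, 5.5.4.5 to 5.5.7.5 (only 5.5.5.5 appears in the article, and its mask is not given).

```cisco
! R5: assumed AS 5, assumed loopbacks 5.5.4.5, 5.5.5.5, 5.5.6.5, 5.5.7.5 (/24 each)
interface Loopback4
 ip address 5.5.4.5 255.255.255.0
!
interface Loopback5
 ip address 5.5.5.5 255.255.255.0
!
interface Loopback6
 ip address 5.5.6.5 255.255.255.0
!
interface Loopback7
 ip address 5.5.7.5 255.255.255.0
!
router bgp 5
 neighbor 10.10.15.1 remote-as 1
 ! Each network statement must match a routing-table entry exactly
 network 5.5.4.0 mask 255.255.255.0
 network 5.5.5.0 mask 255.255.255.0
 network 5.5.6.0 mask 255.255.255.0
 network 5.5.7.0 mask 255.255.255.0
 !
 ! Step 1: aggregate only. 5.5.4.0 to 5.5.7.0 share their first 22 bits,
 ! so the summary is 5.5.4.0/22. R1 receives the /22 AND the four /24s,
 ! so its BGP table gets one line longer instead of shorter.
 aggregate-address 5.5.4.0 255.255.252.0
 !
 ! Step 2: the same command with summary-only replaces step 1.
 ! The four /24s are suppressed and R1 receives only 5.5.4.0/22.
 aggregate-address 5.5.4.0 255.255.252.0 summary-only
```

On R5, show ip bgp marks the suppressed /24s with the status code s, and the router installs a Null0 route for 5.5.4.0/22 so that traffic for unused addresses inside the summary is dropped.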

That’s all for today, folks…part 2 coming soon (BGP Route Modification with Path Attributes), insya Allah

BGP Basic Configuration

First Task: Connecting different ASes (you could say, between ISPs) = using e-BGP

So our focus is on R5 and R1

Explanation:

  • Create the BGP process on each router with router bgp [AS number]; this config tells the router that it is a BGP speaker
  • The AS number can be “requested” from ARIN, RIPE, etc.
  • Then we define who the BGP neighbor is with neighbor [neighbor ip] remote-as [AS number]
  • e-BGP MUST be point-to-point…a.k.a. face-to-face, a.k.a. directly connected

Wait…5 to 10 seconds…BGP convergence takes longer than OSPF

Once a notification like the one above appears, the routers have peered (BGP peers)

Second Task…R5 wants to reach R2/R3/R4

Beforehand…for R1-R2-R4-R3 connectivity I use RIP (configuring static routes one by one is a hassle)

Explanation:

  • After we define the neighbor, we set which networks to give to our BGP neighbor with network [ip network] mask [subnet mask]
  • The networks “given” to the BGP neighbor are the ones installed in the router’s routing table (whether directly connected, static, or dynamic); NOT in the routing table = the BGP neighbor does NOT get it

Check on R5 (don’t run show ip bgp right away…BGP adjacency/convergence takes a while…)

There…R5 now has the routes given by R1; check again with show ip route

Now test with ping…

It doesn’t work…why ?!?…let’s look at the routing table on R2

There is no route to 15.15.15.0 here, bro (R5 does have a route to 12.12.12.0…because R1 already advertised/sent it)

What we have to do is make R2 “know” BGP, and the way to do that is to run the BGP protocol on it too

Don’t forget to add it to R1’s router bgp config

If we look…R1 & R2 both use “remote-as 1”…this is what is called i-BGP (internal BGP)

Let’s try the ping again…

Still no luck T___T…now check show ip bgp on R2

Whoa….there is no BGP route to 15.15.15.0 yet…who was it that advertises these things ?!?! R1, right ?!?!

Now we add network 15.15.15.0 to R1’s BGP routing

There…nice…if you’re not sure, look at the routing table…

Looking good…now just ping…from R2 to R5 (or the other way around)

So getting to R3 is easy….you already know the concept and the config

Notes on the command network [IP network] mask [subnet mask]:

  • The command network [ip network] can be given without mask [subnet mask], but the network must be classful; if it is not classful, it is not given to the neighbor
  • We can turn a classless network into a classful network with the auto-summary command (similar to EIGRP & RIP)
  • In the latest IOS, the default BGP config is no auto-summary
  • In an IGP we can use network 0.0.0.0 to include all networks attached to the router; in BGP we can’t
  • The command network 0.0.0.0 mask 0.0.0.0…is for 0.0.0.0 0.0.0.0 (the default route)
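
The network-command rules in the notes above, and the same discussion in the Full Mesh section of “BGP Configuration (part 1)”, as an added example for R1; it is not the original post's configuration. The /24 masks, R5's address 15.15.15.5 and R5's AS number 5 are assumptions; the three networks and 12.12.12.2 are the ones the article uses.

```cisco
! R1 (AS 1). Assumed: /24 masks, R5 = 15.15.15.5 in AS 5
router bgp 1
 no auto-summary
 ! e-BGP to R5 (different AS) and i-BGP to R2 (same AS)
 neighbor 15.15.15.5 remote-as 5
 neighbor 12.12.12.2 remote-as 1
 !
 ! Correct: network + mask must match a routing-table entry exactly,
 ! so all three must already show up in "show ip route" on R1.
 network 12.12.12.0 mask 255.255.255.0
 network 15.15.15.0 mask 255.255.255.0
 network 24.24.24.0 mask 255.255.255.0
 !
 ! Trap 1 (left commented out): no mask. 12.x.x.x is a class A address,
 ! so IOS reads this as 12.0.0.0/8. Unless a 12.0.0.0/8 route exists,
 ! nothing is advertised and the neighbors never learn 12.12.12.0.
 ! network 12.12.12.0
 !
 ! Trap 2 (left commented out): this is not "advertise everything".
 ! It matches only the route 0.0.0.0/0, so R1 originates a default
 ! route if it has one, and neighbors that accept it send R1 their
 ! traffic for every destination they have no better route for.
 ! network 0.0.0.0 mask 0.0.0.0
```

A prefix that is missing from show ip bgp on a neighbor is usually missing from show ip route on R1 first, or was entered with a mask that does not match the routing-table entry.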

Now on to R4 (there is a small additional note here)

R4 has 2 interfaces, one with IP 34.34.34.4 (to R3) and one with 24.24.24.4 (to R2); just pick one (what matters is that there is a route to one of them or to both)

Wait, wait…how can R4 detect BGP ?? From R2 ?? But no neighbor to R4 was set on R2/R3 ?!?

In i-BGP…every BGP speaker can form an adjacency with another BGP speaker, even if they are not directly connected

What matters is that these i-BGP speakers KNOW THE WAY TO THE OTHER BGP SPEAKERS…in this case, R1 and R4 know the way to each other through RIP

Ehehe…

When I checked on R5 there was no route to 24.24.24.0 (or 34.34.34.0 if going via R3); on R1 I forgot to advertise network 24.24.24.0 (is 24.24.24.0 really in the routing table ?? It is…just check the topmost picture again)

=============================================

BGP Update-Source

So…I have a question here…if R1 and R2 are i-BGP peers, we set it up on R1 like this:

12.12.12.2 is a physical interface IP; what if the link/interface goes down ?? The peering goes down too…

Well…we can use a loopback. A loopback interface never goes down (it is logical, you know); if we “point” the neighbor at the loopback…it doesn’t matter even if the physical interface dies

Example (first remove the neighbor with its physical IP):

We create an IP on the loopback…for BGP to reach this loopback IP, it has to be in the routing table (static or dynamic)

Explanation:

  • We point the neighbor not at R2’s physical interface (24.24.24.2 or 34.34.34.2) but at its loopback IP
  • Important: the loopback IP must first be pingable from R1 (it must be in the routing table via dynamic or static routing…however your config goes)
  • So…say the interface from R1 to R2 (R1 -> R2) goes down…as long as the loopbacks of R1 (1.1.1.1) and R2 (2.2.2.2) can still be reached (via R1 -> R3 -> R4 -> R2, for example)…no problem
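
The move from physical-address peering to loopback peering described above, and in the “Configuring i-BGP with Loopback” section of part 1, as an added example; it is not the original post's configuration. It assumes the loopbacks sit on Loopback0 with /32 masks, that RIP version 2 carries them, and that R1's address on the link to R2 is 12.12.12.1; 12.12.12.2, 1.1.1.1 and 2.2.2.2 are the addresses the article uses.

```cisco
! ---------- R1 (AS 1) ----------
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
router rip
 version 2
 no auto-summary
 ! RIP takes classful network statements; this puts 1.1.1.1/32 into RIP
 network 1.0.0.0
!
router bgp 1
 ! Remove the peering that depends on the physical link to R2
 no neighbor 12.12.12.2 remote-as 1
 ! Peer with R2's loopback instead (same AS number, so this is i-BGP)
 neighbor 2.2.2.2 remote-as 1
 ! Source the BGP session from 1.1.1.1 instead of the outgoing interface.
 ! Without this line R2 sees a connection from a physical address that
 ! matches none of its neighbor statements and refuses it.
 neighbor 2.2.2.2 update-source Loopback0
!
! ---------- R2 (AS 1) ----------
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
router rip
 version 2
 no auto-summary
 network 2.0.0.0
!
router bgp 1
 ! 12.12.12.1 is an assumed address for R1's side of the link
 no neighbor 12.12.12.1 remote-as 1
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
```

Check that each router can ping the other's loopback before expecting the session to come up; show ip bgp summary on R1 should then list 2.2.2.2, and the session should survive a shutdown of the R1-R2 link as long as RIP still has a path between the loopbacks.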

=============================================

BGP Peer-Group

Look at the config below (assume R2 & R3 are i-BGP peers as well):

Well…we can reduce CPU processing and the “effort” of our fingers…with a peer-group

We often configure BGP neighbors with the same policies, the same remote-as, even the same route-map/filtering…a peer-group saves typing

*but when you look at it, it’s the same…6 lines as well….hahaha…

That’s because I only made the peer-group for remote-as and update-source…A peer-group can be used for all sorts of things, for example: route-map, filtering, etc.

============================================

BGP Authentication

The default for BGP authentication is MP5 *ehm* MD5; the password above will be used with MD5 hashing

R2 is set with the same password too…(of course)

This password can even be put into the peer-group

============================================

BGP Timer

Explanation:

  • timers bgp [keepalive] [holdtime], to set the timers…how long the peer router goes without sending a packet (keepalive), and how long after the peer router stops sending packets this router decides to drop it (holdtime)
  • The defaults are 60 (keepalive) and 180 (holdtime)…so…if you want to tune these…the ratio is 1:3 (don’t mess up the config…3:1…the update hasn’t even been sent yet…and the peer is already dropped…hahah)
  • neighbor [neighbor ip] timers [keepalive] [holdtime] [(optional) minimum holdtime from neighbor], to set the timers specifically per neighbor…this setting overrides the global timers bgp setting above
  • [optional] Minimum holdtime from neighbor….<— I don’t understand this one….so I can’t explain it…hahaha
  • Per-neighbor timer settings can also be put into the peer-group
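
The peer-group, password and timer settings from the last three sections, and from the Peer-Group and Authentication sections of “BGP Configuration (part 1)”, combined into one added example for R1; it is not the original post's configuration. The group name IBGP, the loopbacks 3.3.3.3 and 4.4.4.4 for R3 and R4, the 30/90 timers and the password placeholder are assumptions.

```cisco
! R1 (AS 1): i-BGP to R2, R3 and R4 over loopbacks
!
! Before: the same lines repeated per neighbor, and no authentication
!  router bgp 1
!   neighbor 2.2.2.2 remote-as 1
!   neighbor 2.2.2.2 update-source Loopback0
!   neighbor 3.3.3.3 remote-as 1
!   neighbor 3.3.3.3 update-source Loopback0
!   neighbor 4.4.4.4 remote-as 1
!   neighbor 4.4.4.4 update-source Loopback0
!
! After: settings defined once on the peer-group, inherited by every member
router bgp 1
 ! Global timers: keepalive 60 s, holdtime 180 s (the defaults, ratio 1:3)
 timers bgp 60 180
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 ! MD5 authentication of the BGP TCP session. Replace the placeholder;
 ! every member router must configure exactly the same password.
 neighbor IBGP password <shared-secret>
 ! Timers set on the group override "timers bgp" for its members
 neighbor IBGP timers 30 90
 ! Membership: one line per neighbor
 neighbor 2.2.2.2 peer-group IBGP
 neighbor 3.3.3.3 peer-group IBGP
 neighbor 4.4.4.4 peer-group IBGP
!
! R2 (AS 1): the other end of the R1-R2 session
router bgp 1
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 neighbor IBGP password <shared-secret>
 neighbor IBGP timers 30 90
 neighbor 1.1.1.1 peer-group IBGP
```

If the passwords differ, or only one side has one configured, the session never reaches the Established state, so change the password on both ends in the same maintenance window.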

============================================

Summary of the Basic BGP Configuration (R1)

=============================================

The BGP Advanced Configuration will come later…

Next…once I’m able to explain BGP Confederation, Route Reflector, Regex, etc.… T__T

I’ll definitely post it…
