
Showing posts from March, 2016

BGP Simple Route Reflector

In this lab we study the route reflector. As we know, IBGP needs a full mesh. The formula for the number of IBGP neighbor peerings is N(N-1)/2. In this lab we configure 4 routers as IBGP peers, so the peering count is 4(4-1)/2 = 6. That is with only 4 routers; if your network uses 100 routers, you can imagine how many peerings need to be set up. That is why we use a route reflector. Here we use a route reflector for one cluster. In this scenario OSPF is used as the underlay protocol for IBGP.

Figure 1.1

A route reflector has a couple of rules for route forwarding:

- If the route was learned from a non-client IBGP peer, it is reflected to clients only.
- If the route was learned from a client, it is reflected to all non-clients and clients, except for the originating client.
- If the route was learned from an EBGP peer, it is reflected to all clients and non-clients.

Configuration

R1
network 11.11.11.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 65001
neighbor 2.2.2.2 upda

Why does OSPF need backbone area?

Why does OSPF require all traffic between non-backbone areas to pass through a backbone area (area 0)?

Because inter-area OSPF is distance vector, it is vulnerable to routing loops. It avoids loops by mandating a loop-free inter-area topology, in which traffic from one area can only reach another area through area 0.

Ref: Jeff Doyle article at Network World
http://www.networkworld.com/article/2348778/cisco-subnet/my-favorite-interview-question.html

OSPF Traffic Types

Three types of traffic may be defined in relation to areas:

- Intra-area traffic consists of packets that are passed between routers within a single area.
- Inter-area traffic consists of packets that are passed between routers in different areas.
- External traffic consists of packets that are passed between a router within the OSPF domain and a router within another routing domain.

Area ID 0 (or 0.0.0.0) is reserved for the backbone. The backbone is responsible for summarizing the topologies of each area to every other area. For this reason, all inter-area traffic must pass through the backbone; non-backbone areas cannot exchange packets directly.

Ref: Routing TCP/IP volume 1

TTL-Security and EBGP Multihop difference

TTL-Security

External BGP neighbor may be up to 2 hops away.
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255

EBGP Multihop

External BGP neighbor may be up to 2 hops away.
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 2

A good explanation of TTL-Security can be read at www.packetlife.net:
http://packetlife.net/blog/2009/nov/23/understanding-bgp-ttl-security/

For more explanation, please see this website:
http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs_btsh.html#wp1054580
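As an added example (not from the original post or from Cisco), the Python sketch below parses the TTL line of each output above and reports whether an incoming-TTL check is enforced, and after how many TTL decrements a packet sent with TTL 255 would still pass it. The function names are hypothetical, and the distance figure assumes a simple model of one decrement per forwarding router.

```python
import re

# Constructed sample: the TTL lines from the two neighbor outputs quoted above.
SAMPLE = {
    "ttl-security": "Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255",
    "ebgp-multihop": "Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 2",
}

# The output spells it "Mininum"; the corrected spelling is accepted as well.
TTL_RE = re.compile(r"Mini[nm]um incoming TTL\s+(\d+)\s*,\s*Outgoing TTL\s+(\d+)")


def parse_ttls(line):
    """Return (minimum incoming TTL, outgoing TTL) from a neighbor output line."""
    m = TTL_RE.search(line)
    if not m:
        raise ValueError("no TTL fields in line")
    return int(m.group(1)), int(m.group(2))


def max_sender_distance(min_incoming_ttl):
    """Most TTL decrements after which a packet sent with TTL 255 still passes.

    Assumption of this model: a packet must arrive with TTL >= 1 to be
    delivered at all, so a minimum of 0 behaves like a minimum of 1.
    """
    return 255 - max(min_incoming_ttl, 1)


def audit(line):
    """Summarize how tightly a BGP session restricts where packets may come from."""
    min_in, out = parse_ttls(line)
    return {
        "min_incoming_ttl": min_in,
        "outgoing_ttl": out,
        "ttl_check_enforced": min_in > 0,
        "max_sender_distance": max_sender_distance(min_in),
    }


if __name__ == "__main__":
    for name, line in SAMPLE.items():
        print(name, audit(line))
```

With TTL-Security the session only accepts packets that have lost at most 2 from a TTL of 255, while the multihop session accepts any TTL that survives transit, which is the practical difference between the two outputs.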

BGP Lab 1

Study lab for eBGP and iBGP.

Figure 1.1

In this scenario eBGP and iBGP are configured. Router 1 and Router 2 connect as eBGP. Router 1 and Router 3 connect as iBGP.

R2
router bgp 100
 neighbor 10.1.12.1 remote 200

R1
router bgp 200
 neighbor 10.1.12.2 remote 100
 neighbor 10.1.13.3 remote 200

R3
router bgp 200
 neighbor 10.1.13.1 remote 200

Now that the neighbors are up, we can verify them with 'show ip bgp summary'.

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 7, main routing table version 7
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 734 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths,

BGP Neighbor down states

Troubleshooting a BGP neighbor that is down. We can check with the 'debug ip bgp events' command.

When the neighbor interface is shut down, we see log lines like these:

*Mar  1 00:57:57.451: BGP: 10.1.12.2 remote close, state CLOSED
*Mar  1 00:57:57.451: BGP: 10.1.12.2 -reset the session
*Mar  1 00:57:57.451: BGPNSF state: 10.1.12.2 went from nsf_not_active to nsf_not_active
*Mar  1 00:57:57.455: BGP: 10.1.12.2 went from Established to Idle
*Mar  1 00:57:57.455: %BGP-5-ADJCHANGE: neighbor 10.1.12.2 Down Peer closed the session

When the neighbor advertises again with the wrong AS after the session was established:

*Mar  1 01:03:01.827: BGP: 10.1.12.2 remote close, state CLOSEWAIT
*Mar  1 01:03:01.827: BGP: 10.1.12.2 -reset the session
*Mar  1 01:03:01.827: BGPNSF state: 10.1.12.2 went from nsf_not_active to nsf_not_active
*Mar  1 01:03:01.827: BGP: 10.1.12.2 went from Established to Idle
*Mar  1 01:03:01.827: %BGP-5-ADJCHANGE: neighbor 10.1.12.2 Down Peer closed the session

BGP Neighbor Adjacency States in Lab

We can see the BGP states with the 'debug ip bgp events' command.

*Mar  1 01:48:40.675: BGP: 10.1.12.1 went from  Idle to Active
*Mar  1 00:50:27.127: BGP: 10.1.12.1 open active, local address 10.1.12.2
*Mar  1 00:50:27.155: BGP: 10.1.12.1 went from  Active to OpenSent
*Mar  1 00:50:27.155: BGP: 10.1.12.1 sending OPEN, version 4, my as: 200, holdtime 180 seconds
*Mar  1 00:50:27.159: BGP: 10.1.12.1 send message type 1, length (incl. header) 45
*Mar  1 00:50:27.187: BGP: 10.1.12.1 rcv message type 1, length (excl. header) 26
*Mar  1 00:50:27.187: BGP: 10.1.12.1 rcv OPEN, version 4, holdtime 180 seconds
*Mar  1 00:50:27.191: BGP: 10.1.12.1 rcv OPEN w/ OPTION parameter len: 16
*Mar  1 00:50:27.191: BGP: 10.1.12.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar  1 00:50:27.191: BGP: 10.1.12.1 OPEN has CAPABILITY code: 1, length 4
*Mar  1 00:50:27.191: BGP: 10.1.12.1 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar  1 00:50:27.191: BGP: 10.1.1
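The 'debug ip bgp events' output in this post and in the neighbor down post can be turned into per-peer state transitions for monitoring. The Python sketch below is an added example, not code from the original posts: it parses the "went from X to Y" and ADJCHANGE lines and lists the peers that left Established. The sample log is constructed from lines quoted in the two posts, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the debug output quoted in the posts.
LOG = """\
*Mar  1 00:57:57.451: BGP: 10.1.12.2 remote close, state CLOSED
*Mar  1 00:57:57.451: BGP: 10.1.12.2 -reset the session
*Mar  1 00:57:57.455: BGP: 10.1.12.2 went from Established to Idle
*Mar  1 00:57:57.455: %BGP-5-ADJCHANGE: neighbor 10.1.12.2 Down Peer closed the session
*Mar  1 01:48:40.675: BGP: 10.1.12.1 went from  Idle to Active
*Mar  1 00:50:27.155: BGP: 10.1.12.1 went from  Active to OpenSent
"""

STATES = {"Idle", "Connect", "Active", "OpenSent", "OpenConfirm", "Established"}
TRANSITION = re.compile(
    r"^\*(?P<ts>.+?): BGP: (?P<peer>\S+) went from\s+(?P<old>\w+) to (?P<new>\w+)")
ADJCHANGE = re.compile(
    r"^\*(?P<ts>.+?): %BGP-5-ADJCHANGE: neighbor (?P<peer>\S+) "
    r"(?P<dir>Up|Down)\s*(?P<reason>.*)")


def parse_events(log):
    """Return (per-peer FSM transitions, list of session-down events)."""
    transitions = defaultdict(list)
    drops = []
    for line in log.splitlines():
        m = TRANSITION.match(line)
        # Skip non-FSM lines such as the BGPNSF "nsf_not_active" transitions.
        if m and m["old"] in STATES and m["new"] in STATES:
            transitions[m["peer"]].append((m["ts"], m["old"], m["new"]))
            continue
        m = ADJCHANGE.match(line)
        if m and m["dir"] == "Down":
            drops.append({"peer": m["peer"], "time": m["ts"],
                          "reason": m["reason"].strip()})
    return dict(transitions), drops


def established_losses(transitions):
    """Peers that left Established: the transition worth alerting on."""
    return sorted(
        peer for peer, steps in transitions.items()
        if any(old == "Established" and new != "Established"
               for _, old, new in steps))


if __name__ == "__main__":
    trans, drops = parse_events(LOG)
    print(established_losses(trans), drops)
```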

BGP

BGP is a path vector routing protocol. It cares about how many ASes a path passes through, not how many routers, which is why it is a path vector protocol. BGP uses TCP port 179. We need to advertise the exact network in BGP; if not, we don't see any network. We shouldn't forget about the TTL of BGP: eBGP TTL is 1 and iBGP TTL is 255.

BGP has 6 states:

1. Idle
    Process shut down or waiting for the next retry.
2. Connect
    Waiting for the TCP connection to complete.
3. Active
    TCP connection ready, no BGP messages sent.
4. OpenSent
    Open message sent.
5. OpenConfirm
    Received open message from neighbor.
6. Established
    Peering finished and routing starts.

eBGP and iBGP differ by only two words: between and within. eBGP AD is 20. iBGP AD is 200. If you have different ASes but want to advertise them as the same AS, use confederation.

Ref: Wikipedia, Cisco

GRE Tunnel at NSSA Area

We also know the GRE tunnel from VPN topics, where it can connect a private LAN over a public LAN. We can use a GRE tunnel another way. In this scenario we can't use a virtual link because area 2 is an NSSA area, so we try with a GRE tunnel.

Figure 1.1

Just create the tunnel on the ABR routers and put the tunnel network in area 0.

Figure 1.2

We imagine it like figure 1.2.

R2
int tun 0
 ip add 172.16.1.1 255.255.255.252
 tunnel source 10.1.23.2
 tunnel destination 10.1.34.4
 ip ospf 1 area 0

R4
int tunnel 0
 ip add 172.16.1.2 255.255.255.252
 tunnel source 10.1.34.4
 tunnel destination 10.1.23.2
 ip ospf 1 area 0

One point to notice: the tunnel source and destination must be ABR networks in the same area. If you configure networks from different areas, the tunnel will flap. In this scenario I use the physical interfaces. After the tunnel is up, we see the Router 4 neighbors like this:

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.

OSPF Virtual Link 2

We know the virtual link is used to connect to the OSPF backbone area 0. What about a network that has 2 backbone areas?

Figure 1.1

R1 and R6 can't connect.

R1
R1(config-router)#do sh ip route ospf
     3.0.0.0/24 is subnetted, 1 subnets
O IA    3.3.3.0 [110/3] via 10.1.12.2, 00:22:38, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O IA    4.4.4.0 [110/4] via 10.1.12.2, 00:21:52, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.1.23.0 [110/2] via 10.1.12.2, 00:23:28, FastEthernet0/0
O IA    10.1.34.0 [110/3] via 10.1.12.2, 00:22:38, FastEthernet0/0

R6
R6(config-if)#do sh ip route ospf
     3.0.0.0/24 is subnetted, 1 subnets
O IA    3.3.3.0 [110/4] via 10.1.56.5, 00:16:06, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O IA    4.4.4.0 [110/3] via 10.1.56.5, 00:16:06, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.1.45.0 [110/2] via 10.1.56.5, 00:16:06, FastEthernet0/0
O IA    10.1.34.0 [110/3] via 1

OSPF Stub

The following restrictions apply to stub areas:

- You cannot create a virtual link through a stub area.
- A stub area cannot contain an AS boundary router.
- You cannot configure the backbone as a stub area.
- You cannot configure an area as both a stub area and a not-so-stubby area (NSSA).

Ref: Juniper.net