
After a little hiatus, I’m back with another post. Today (or tonight, in my neck of the woods), I’m writing about how to advertise a default route to a BGP peer. Our topology looks like this:

This is a typical hub-and-spoke frame-relay network, with R3 having a point-to-point connection to each of R4 and R5. For this scenario, let’s assume that R3 is an ISP router and that R4 and R5 each belong to a customer that is single-homed to the ISP. For whatever reason, R4 and R5 have chosen to use BGP for routing, but they do not need (or perhaps cannot handle) the full routing table.

I’m including the initial configurations of the routers for clarity and for those who wish to follow along. Explaining them, however, is outside the scope of this article. If you do not understand the frame-relay configurations, you may want to read through my “Basic Frame Relay Lab”.

Let’s get started by configuring the frame-relay connections on the three routers:

R3# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)# interface serial 0/0
R3(config-if)# no ip address
R3(config-if)# encapsulation frame-relay
R3(config-if)# no frame-relay inverse-arp
R3(config-if)# no shutdown
R3(config-if)# interface serial 0/0.4 point-to-point
R3(config-subif)# frame-relay interface-dlci 304
R3(config-fr-dlci)# ip address 172.16.34.3 255.255.255.0
R3(config-subif)# interface serial 0/0.5 point-to-point
R3(config-subif)# frame-relay interface-dlci 305
R3(config-fr-dlci)# ip address 172.16.35.3 255.255.255.0

R4# conf t
R4(config)# interface serial 0/0
R4(config-if)# no ip address
R4(config-if)# encapsulation frame-relay
R4(config-if)# no frame-relay inverse-arp
R4(config-if)# no shutdown
R4(config-if)# interface serial 0/0.3 point-to-point
R4(config-subif)# frame-relay interface-dlci 403
R4(config-fr-dlci)# ip address 172.16.34.4 255.255.255.0

R5# conf t
R5(config)# interface serial 0/0
R5(config-if)# no ip address
R5(config-if)# encapsulation frame-relay
R5(config-if)# no frame-relay inverse-arp
R5(config-if)# no shutdown
R5(config-if)# interface serial 0/0.3 point-to-point
R5(config-subif)# frame-relay interface-dlci 503
R5(config-fr-dlci)# ip address 172.16.35.5 255.255.255.0

Verify reachability:

R3# ping 172.16.34.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

R3# ping 172.16.35.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R3#

In addition to the physical networks (172.16.34.0/24 and 172.16.35.0/24), we’re also going to advertise the loopback addresses into BGP, so let’s configure those interfaces now:

R3(config)# interface loopback 0
R3(config-if)# ip address 172.16.33.1 255.255.255.0

R4(config)# interface loopback 0
R4(config-if)# ip address 172.16.44.1 255.255.255.0

R5(config)# interface loopback 0
R5(config-if)# ip address 172.16.55.1 255.255.255.0

Now that we have the basics out of the way, we can bring up our BGP adjacencies. We’re not going to advertise any routes yet, just get the connections up:

R3(config)# router bgp 33
R3(config-router)# neighbor 172.16.34.4 remote-as 44
R3(config-router)# neighbor 172.16.35.5 remote-as 55

R4(config)# router bgp 44
R4(config-router)# neighbor 172.16.34.3 remote-as 33

R5(config)# router bgp 55
R5(config-router)# neighbor 172.16.35.3 remote-as 33

After a moment, you should see syslog messages showing that the adjacencies have come up. Let’s take a look:

R3# sh ip bgp summary
BGP router identifier 172.16.33.1, local AS number 33
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.34.4 4 44 7 7 1 0 0 00:03:46 0
172.16.35.5 4 55 5 5 1 0 0 00:01:28 0

Looks like we’re good so far. Let’s advertise the physical networks as well as our loopbacks on each router:

R3(config)# router bgp 33
R3(config-router)# network 172.16.33.0 mask 255.255.255.0
R3(config-router)# network 172.16.34.0 mask 255.255.255.0
R3(config-router)# network 172.16.35.0 mask 255.255.255.0

R4(config)# router bgp 44
R4(config-router)# network 172.16.44.0 mask 255.255.255.0

R5(config)# router bgp 55
R5(config-router)# network 172.16.55.0 mask 255.255.255.0

Give it a moment and let the updates get sent out, then take a look at the BGP tables on R4 and R5:

R4# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 172.16.33.0/24 172.16.34.3 0 0 33 i
r> 172.16.34.0/24 172.16.34.3 0 0 33 i
*> 172.16.35.0/24 172.16.34.3 0 0 33 i
*> 172.16.44.0/24 0.0.0.0 0 32768 i
*> 172.16.55.0/24 172.16.34.3 0 33 55 i

R5# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 172.16.33.0/24 172.16.35.3 0 0 33 i
*> 172.16.34.0/24 172.16.35.3 0 0 33 i
r> 172.16.35.0/24 172.16.35.3 0 0 33 i
*> 172.16.44.0/24 172.16.35.3 0 33 44 i
*> 172.16.55.0/24 0.0.0.0 0 32768 i

So we can see that our routes are being propagated via BGP. Notice something, though? Every (non-directly connected) route on R4 and R5 is through R3. Since we have to go through R3 to get to any routes (that aren’t internal), we might as well use R3 as our default gateway and save our router some work, yeah? We can easily replace a few of these routes with a default route (which is the whole point of this article anyway), so let’s do it.

To accomplish this, we tell R3 to originate a default route and advertise it to both R4 and R5. This is easily done with the “neighbor a.b.c.d default-originate” command.

R3(config)# router bgp 33
R3(config-router)# neighbor 172.16.34.4 default-originate
R3(config-router)# neighbor 172.16.35.5 default-originate

Let’s look at our BGP tables on R4 and R5 now:

R4# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 172.16.34.3 0 33 i
*> 172.16.33.0/24 172.16.34.3 0 0 33 i
r> 172.16.34.0/24 172.16.34.3 0 0 33 i
*> 172.16.35.0/24 172.16.34.3 0 0 33 i
*> 172.16.44.0/24 0.0.0.0 0 32768 i
*> 172.16.55.0/24 172.16.34.3 0 33 55 i

R5# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 172.16.35.3 0 33 i
*> 172.16.33.0/24 172.16.35.3 0 0 33 i
*> 172.16.34.0/24 172.16.35.3 0 0 33 i
r> 172.16.35.0/24 172.16.35.3 0 0 33 i
*> 172.16.44.0/24 172.16.35.3 0 33 44 i
*> 172.16.55.0/24 0.0.0.0 0 32768 i

Well, there’s our default route … wait, why are those other routes still there? Well, they are still being advertised by R3 so they end up in our BGP tables. We need to prevent them from getting there in the first place. One way to do this is to filter the routes as they come in (on R4 and R5). This is inefficient, however, as the ISP is still advertising them to us and our router must still receive and process them (before ultimately discarding them). A much better way to handle this is to have the ISP not advertise those routes to us in the first place.

There are (at least) two ways of doing this, from the R3 (ISP) side. The first is to use an as-path filter and the other involves a route-map.

We’ll use “ip as-path” to stop all routes from being advertised to R4 (note that this does not affect a default route), then clear the BGP connection:

R3(config)# ip as-path access-list 1 deny .*
R3(config)# router bgp 33
R3(config-router)# neighbor 172.16.34.4 filter-list 1 out
R3(config-router)# do clear ip bgp 172.16.34.4

Give the adjacency time to re-establish, then take another look at the BGP table:

R4# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 172.16.34.3 0 33 i
*> 172.16.44.0/24 0.0.0.0 0 32768 i

Let’s verify that we can ping R5’s loopback (172.16.55.1) from R4’s (172.16.44.1):

R4# ping 172.16.55.1 source 172.16.44.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.55.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.44.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

Now, let’s get rid of all those “extra” routes we’re advertising to R5 as well. This time, however, we’ll use an access-list and a route-map to do the job. First, though, let’s verify what routes R3 is actually sending to R5:

R3# sh ip bgp neighbor 172.16.35.5 advertised-routes
BGP table version is 8, local router ID is 172.16.33.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Originating default network 0.0.0.0

Network Next Hop Metric LocPrf Weight Path
*> 172.16.33.0/24 0.0.0.0 0 32768 i
*> 172.16.34.0/24 0.0.0.0 0 32768 i
*> 172.16.35.0/24 0.0.0.0 0 32768 i
*> 172.16.44.0/24 172.16.34.4 0 0 44 i

We can easily see that a total of four BGP routes as well as a default route (“Originating default network 0.0.0.0”) are being advertised. Let’s cut that down to just the default route:

R3(config)# access-list 1 deny any
R3(config)# route-map FILTER_ALL_R5 permit 10
R3(config-route-map)# match ip address 1
R3(config-route-map)# router bgp 33
R3(config-router)# neighbor 172.16.35.5 route-map FILTER_ALL_R5 out
R3(config-router)# do clear ip bgp 172.16.35.5
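
Why both filters drop everything, as an added example that is not part of the original post: a simplified Python model of first-match evaluation with an implicit deny at the end of each list. The function names and the `R3_ROUTES` table are hypothetical; the route originated by default-originate is not modeled, since the router output in this article shows it is unaffected by either filter.

```python
import re
from ipaddress import ip_network

# Simplified model (assumption: first match wins, implicit deny at the end
# of every list, as on IOS). All names here are hypothetical.

def as_path_acl(entries, as_path):
    """entries: [(action, regex)]. True if the AS path is permitted."""
    for action, regex in entries:
        if re.search(regex, as_path):
            return action == "permit"
    return False                       # implicit deny

def std_acl(entries, prefix):
    """entries: [(action, network or 'any')], matched on the network address."""
    addr = ip_network(prefix).network_address
    for action, net in entries:
        if net == "any" or addr in ip_network(net):
            return action == "permit"
    return False                       # implicit deny

def route_map(clauses, acls, prefix):
    """clauses: [(action, acl_number)]. A clause matches only if its ACL permits."""
    for action, acl in clauses:
        if std_acl(acls[acl], prefix):
            return action == "permit"
    return False                       # no clause matched: implicit deny

# Toward R4: ip as-path access-list 1 deny .*
AS_PATH_1 = [("deny", ".*")]
# Toward R5: access-list 1 deny any / route-map FILTER_ALL_R5 permit 10
ACLS = {1: [("deny", "any")]}
FILTER_ALL_R5 = [("permit", 1)]

# R3's BGP table as (prefix, AS path); locally originated routes have an empty path.
R3_ROUTES = [("172.16.33.0/24", ""), ("172.16.34.0/24", ""),
             ("172.16.35.0/24", ""), ("172.16.44.0/24", "44"),
             ("172.16.55.0/24", "55")]

def advertised_to_r4():
    # ".*" matches every path, including the empty one, so all are denied.
    return [p for p, path in R3_ROUTES if as_path_acl(AS_PATH_1, path)]

def advertised_to_r5():
    # The "permit 10" clause never matches because ACL 1 permits nothing.
    return [p for p, _ in R3_ROUTES if route_map(FILTER_ALL_R5, ACLS, p)]
```

The `permit 10` clause in FILTER_ALL_R5 permits nothing by itself: a route must first be permitted by the ACL to match the clause, and every route that matches no clause is dropped.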

Again, wait for the adjacency to come up and then let’s take a look at what routes R3 is sending to R5:

R3# sh ip bgp neighbor 172.16.35.5 advertised-routes
BGP table version is 10, local router ID is 172.16.33.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Originating default network 0.0.0.0

Network Next Hop Metric LocPrf Weight Path

Well, lookie there, with the exception of the default route, no routes are being advertised to R5. Let’s take a look at the BGP table from R5’s point of view:

R5# sh ip bgp | be Network
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 172.16.35.3 0 33 i
*> 172.16.55.0/24 0.0.0.0 0 32768 i

As you can see, the only routes in the BGP table are the (locally originated) route for 172.16.55.0/24 and the default route. Just for good measure, let’s take a look at the whole routing table:

R5# sh ip route | be Gateway
Gateway of last resort is 172.16.35.3 to network 0.0.0.0

172.16.0.0/24 is subnetted, 2 subnets
C 172.16.55.0 is directly connected, Loopback0
C 172.16.35.0 is directly connected, Serial0/0.3
B* 0.0.0.0/0 [20/0] via 172.16.35.3, 00:03:07

And there you have it — our directly connected routes and our default route (received via BGP). Let’s verify that we still have connectivity between R4 and R5’s loopbacks:

R5# ping 172.16.44.1 source 172.16.55.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.44.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.55.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
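
To check the outbound policy automatically rather than by eye, the following added example (not from the original post) parses “sh ip bgp neighbor … advertised-routes” output and flags every prefix other than the default route. The sample inputs are constructed from the two outputs shown in this article; the function names are hypothetical.

```python
import re

# Constructed sample input: the "advertised-routes" outputs from this article
# (before and after the outbound route-map), trimmed to the relevant lines.
BEFORE = """\
Originating default network 0.0.0.0

Network Next Hop Metric LocPrf Weight Path
*> 172.16.33.0/24 0.0.0.0 0 32768 i
*> 172.16.34.0/24 0.0.0.0 0 32768 i
*> 172.16.35.0/24 0.0.0.0 0 32768 i
*> 172.16.44.0/24 172.16.34.4 0 0 44 i
"""
AFTER = """\
Originating default network 0.0.0.0

Network Next Hop Metric LocPrf Weight Path
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Status codes (for example "*>" or "r>"), then the prefix, then the next hop.
ROUTE_RE = re.compile(rf"^\s*[*>sdhirS]+\s+({IP}(?:/\d{{1,2}})?)\s+({IP})\b")
DEFAULT_RE = re.compile(r"^Originating default network 0\.0\.0\.0\s*$")


def parse_advertised(text):
    """Return (default_originated, [(prefix, next_hop), ...])."""
    default, routes, in_table = False, [], False
    for line in text.splitlines():
        if DEFAULT_RE.match(line):
            default = True
        elif line.lstrip().startswith("Network"):
            in_table = True            # rows only count after the header
        elif in_table and (m := ROUTE_RE.match(line)):
            routes.append((m.group(1), m.group(2)))
    return default, routes


def audit_default_only(text, allowed=("0.0.0.0", "0.0.0.0/0")):
    """Flag every advertised prefix other than the default route."""
    default, routes = parse_advertised(text)
    leaked = [p for p, _ in routes if p not in allowed]
    return {"default_originated": default, "leaked": leaked,
            "compliant": default and not leaked}


if __name__ == "__main__":
    for name, out in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_default_only(out))
```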

Refer to http://evilrouters.net/