04-29-2009 03:45 PM - edited 03-06-2019 05:27 AM
Hello,
We currently have IPs from ARIN routed on our ISP's BGP. We provide them our IP subnet info and they put it in their BGP and route them to our interface on their switches...
Now we received our own ASN from ARIN and we want to migrate over to doing the proper routing with our own ASN.
What is the best way to do that and can someone please provide clear instructions on how to do it ?
Very much appreciated
Thanks
04-30-2009 12:30 AM
Hello Elazar,
If you have your own public BGP AS number, you need to set up eBGP sessions with your upstream providers.
On these eBGP sessions you can and you should advertise your own IP address blocks.
On the eBGP sessions you can receive:
full BGP tables (this requires a very powerful router)
only default routes
default routes + some specific routes from each upstream provider.
for examples of BGP multihoming see:
using a single router
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml
using one router or multiple routers
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml
As a preliminary step you should also verify in ARIN that the public IP address blocks are associated with your ASN.
If you have multilayer switches that can run BGP you should be able to configure BGP multihoming if receiving only default routes or default routes + some routes.
To deal with multiple full Internet BGP tables you need C6500 with at least Sup 720 3BXL on them.
Just to provide some figures a full BGP table is now in the order of 288,000 routes.
You probably don't need it (unless you want to be able to classify traffic using netflow for security reasons).
All these operations require cooperation with ISP people: to set up a BGP session both sides have to configure it.
Hope to help
Giuseppe
04-30-2009 07:34 AM
Here is what we have.
We want to run BGP with ONE provider for now. So can you provide sample configuration I would need to put in, in order to have BGP running with me getting only the routes from my ISP, I do not want full bgp table routes..
Now they announce our IP's on their network so we need to change that to BGP.
1. What is the difference between DEFAULT and DIRECTLY CONNECTED routes and which one should we take?
2. What changes would need to be done on the router in order to have BGP properly setup for that?
3. Can you please provide configuration commands so we can set that up?
Much Appreciated
Thanks
04-30-2009 09:05 AM
Hello Elazar,
the first link I've provided should provide all the necessary information.
However, I try to answer:
1) A default route is 0.0.0.0/0; it is a sort of wildcard that represents the whole Internet, all the IPv4 address space.
Connected routes are simply the ip subnets associated to the router's interfaces.
2)
you need to create the BGP process, to configure an eBGP session with the provider and to advertise your own ip address block.
a possible config template is:
yourASN: is your ASN
router bgp yourASN
neigh provider-ip-address remote-as ISP-ASN
you need a direct ip link between your edge router and the ISP router.
the edge router can advertise an aggregated address of a given prefix len.
This summary route is advertised if there is at least one component route = one subnet present in the BGP table.
the edge router can install routes in the BGP table using the network command
let's say x.y.k.0/24 is one component subnet
router bgp yourASN
network x.y.k.0 mask 255.255.255.0
you add other components for example 7
network x.y.k+1.0 mask 255.255.255.0
...
network x.y.k+7.0 mask 255.255.255.0
to create the aggregate you need to use
router bgp yourASN
aggregate-address x.y.k.0 255.255.248.0 summary-only
you can also protect your router from receiving more routes than needed
ip prefix-list only-default permit 0.0.0.0/0
route-map accept_default_only permit 10
match ip address prefix-list only-default
router bgp yourASN
neigh isp-addr route-map accept_default_only in
you can find more details in the docs I've linked
Hope to help
Giuseppe
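The aggregation rule described in the post above, as an added example that is not part of the original thread: it checks that an aggregate-address statement sits on a valid mask boundary and covers exactly the address space you hold, then reports what would be advertised. The helper name check_aggregate and the 10.20.x.0 addresses are constructed for illustration.

```python
import ipaddress

def check_aggregate(aggregate, owned, bgp_table, summary_only=True):
    """Model 'aggregate-address <net> <mask> [summary-only]' (hypothetical helper).

    aggregate: "network/mask" string, owned: prefixes allocated to you,
    bgp_table: prefixes currently in the local BGP table.
    Returns (valid, advertised_prefixes).
    """
    try:
        # Strict parsing rejects a network address that is not on the mask boundary.
        agg = ipaddress.ip_network(aggregate)
    except ValueError:
        return False, []
    owned_nets = [ipaddress.ip_network(p) for p in owned]
    # The aggregate must equal the owned space; anything wider would announce
    # addresses that belong to someone else.
    if list(ipaddress.collapse_addresses(owned_nets)) != [agg]:
        return False, []
    components = sorted(
        n for n in map(ipaddress.ip_network, bgp_table)
        if n != agg and n.subnet_of(agg)
    )
    if not components:
        return True, []  # no component route present: aggregate is not generated
    advertised = [agg] if summary_only else [agg] + components
    return True, [str(n) for n in advertised]

# Constructed sample: eight /24 components, k = 8 (private space as a stand-in).
OWNED = [f"10.20.{i}.0/24" for i in range(8, 16)]

if __name__ == "__main__":
    print(check_aggregate("10.20.8.0/255.255.248.0", OWNED, ["10.20.8.0/24"]))
    print(check_aggregate("10.20.8.0/255.255.248.0", OWNED, []))
    print(check_aggregate("10.20.10.0/255.255.248.0", OWNED, OWNED))
```

The third call fails because x.y.10.0 with mask 255.255.248.0 is not a network boundary: k has to be a multiple of 8 for eight /24 components to form one /21.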
05-06-2009 12:01 PM
In my cisco 6509 with sup 720, the IP ROUTING is enabled by default on these devices.
Do I need to disable ip routing and then enable BGP routing? or simply enable BGP routing and it will take over on BGP and cancel off the static routing or how does it work
Thanks
05-07-2009 01:13 AM
Hello Elazar,
ip routing is required in any case.
BGP is a routing protocol that can be used for exchanging IP routes with other devices.
You need to enable the bgp process with
router bgp your.ASN
to really use the BGP route(s) you need to remove the default static route, otherwise it will be used because of its lower Administrative Distance (AD)
when the BGP default route is installed you should see:
B 0.0.0.0/0 [20/0]
Hope to help
Giuseppe
05-07-2009 06:32 AM
Ok we will have to implement it very soon. I wanted to post exactly what we have now and exactly what we are looking to do, if someone can post the EXACT and COMPLETE config commands to change it over it would be MUCH appreciated.
What we have now:
1 ISP which announces our networks on their BGP and we have a:
ip route 0.0.0.0 0.0.0.0 ISP-IP
on our end to send back the non local traffic back to our ISP.
Our ISP provided us with a /30 for communication between US and THEM.
So on our end it is XXX.XXX.XXX.10 and on theirs XXX.XXX.XXX.9
WHAT WE WANT TO DO:
We want to have the SAME provider but with BGP. We have our own ASN already.
We want to get only default routes from our ISP since we only have one ISP.
What would be the complete configuration to put in, in order to do this... We need to remove the static routing back to our ISP and move it over to BGP.
Can someone please let us know exactly what needs to be ADDED and REMOVED from the current configuration ??
Very much appreciated.
Thanks
05-07-2009 08:15 AM
Hello Elazar,
even if I think I already provided all the needed information, I understand that you would like to see a cleaner template and a procedure.
I try to use the same variables I provided before using the last details you have provided
yourASN = the AS number you have received from an authority like RIPE or ARIN
ISP.ASN = the ASN of your ISP (they need to provide it to you)
create a prefix-list to accept only default
conf t
ip prefix-list only-default seq 5 permit 0.0.0.0/0
route-map filter-in permit 10
match ip address prefix-list only-default
!this is used to filter routes sent by ISP to you
!then you need to advertise your own ip address block
!network yourIPblock mask yourIPblock.mask
!Now you have all the objects to start BGP config
router bgp yourASN
neighbor XXX.XXX.XXX.9 remote-as ISP.ASN
neighbor XXX.XXX.XXX.9 route-map filter-in in
network yourIPblock mask yourIPblock.mask
!
!Notes about network command:
!your public ip address block has to be present in the ip routing table to be advertised to the ISP router.
!if you have multiple blocks you need multiple network commands one for each of them.
end
b) Checks
sh ip bgp
you should see
0.0.0.0 with next-hop XXX.XXX.XXX.9
this to verify reception of BGP route
use
sh ip bgp neigh XXX.XXX.XXX.9 advertised-routes
verify that you see your public network(s) here in the output
c)
if all checks are fine you can remove the default route
conf t
no ip route 0.0.0.0 0.0.0.0 ISP-IP
do sh ip route 0.0.0.0
you should see now a B route in your routing table
verify internet connectivity.
If everything is fine you have migrated to BGP successfully
e)
save config (very important)
write memory
Hope to help
Giuseppe
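The inbound filter and the static-versus-BGP check from the procedure above, modelled as an added example that is not part of the original post: it shows that "permit 0.0.0.0/0" matches only the default route, and why the B route is installed only after the static default is removed. The function names and the received-route sample are constructed; the administrative distances (static 1, eBGP 20) are the IOS defaults.

```python
import ipaddress

AD = {"static": 1, "ebgp": 20}  # IOS administrative distances for these sources

def prefix_list_permits(entries, route):
    """IOS-style prefix-list: first match wins, implicit deny at the end.

    entries: (action, prefix, ge, le) tuples; with neither ge nor le the
    route's length must equal the entry's length exactly.
    """
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if not net.subnet_of(base):
            continue
        if ge is None and le is None:
            lo = hi = base.prefixlen
        else:
            lo = base.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def installed_default(bgp_accepted, static_default):
    """Source of the 0.0.0.0/0 route placed in the routing table (lowest AD)."""
    sources = ["ebgp"] if "0.0.0.0/0" in bgp_accepted else []
    if static_default:
        sources.append("static")
    return min(sources, key=AD.get) if sources else None

# Constructed sample of routes an ISP might send on the session.
RECEIVED = ["0.0.0.0/0", "198.51.100.0/24", "203.0.113.0/24"]
ONLY_DEFAULT = [("permit", "0.0.0.0/0", None, None)]  # as in the template
MATCH_ALL = [("permit", "0.0.0.0/0", None, 32)]       # 'le 32' variant, for contrast

def accepted(entries):
    return [r for r in RECEIVED if prefix_list_permits(entries, r)]

if __name__ == "__main__":
    print(accepted(ONLY_DEFAULT), accepted(MATCH_ALL))
    print(installed_default(accepted(ONLY_DEFAULT), static_default=True))
    print(installed_default(accepted(ONLY_DEFAULT), static_default=False))
```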
05-07-2009 09:11 AM
Hello,
ok thank you SO MUCH for this.
1) Now when you say yourIPblock.mask
Can you give a true example with a fake IP address. Does it mean 333.333.333.333.255.255.255.0 for example?
where 333.333.333.333 is the IP and 255.255.255.0 is the mask? That's the way to write it?
2) when you say this "
!your public ip address block has to be present in the ip routing table to be advertised to the ISP router"
this is done by this command "network yourIPblock mask yourIPblock.mask", am I right? Or does it mean I have to do something else...
Thank You
05-07-2009 02:50 PM
We have successfully implemented BGP. :) many thanks
How long before all websites like DNSSTUFF etc. etc. update the AS number associated with our IPs to our own AS number?
Thank you so much.