
BGP Setup with 2 Cisco routers and one Sonicwall

erik.kneebone
Level 1

I am looking for some assistance with the following setup for BGP with the following conditions:

Client has two 2900 routers, each connecting to a separate ISP

Client has a Sonic Firewall with a link to each router

Client owns their own /24 block of public IPs and has their own AS Number.

Client has a public /24 and /25 from the corresponding ISPs

Client has supplied the following routing rules they would like to use:

-Anything from their own public subnet should advertise via the two ISPs with best path selection

-Anything from the respective ISP public subnets should use only their link (The ISPs are not auth'd to advertise the other's network)

The two routers are directly connected to each other and each has a link going to the Sonicwall.

Here is the current setup of R1 and the relevant info (I've changed the subnets and AS numbers for security reasons).

interface GigabitEthernet0/0

description R1 Interior

ip address 172.16.200.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

description Link to ISP1

ip address 66.66.66.2 255.255.255.252

duplex full

speed 100

service-policy input Police-15Mb

service-policy output Shape-15Mb

!

interface GigabitEthernet0/0/0

no ip address

!

interface GigabitEthernet0/0/1

no ip address

!

interface GigabitEthernet0/0/2

no ip address

!

interface GigabitEthernet0/0/3

no ip address

!

interface Vlan1

description Link to Sonic

ip address 66.77.77.1 255.255.255.0

!

! Client's ASN

router bgp 5000

bgp log-neighbor-changes

network 198.100.100.0 mask 255.255.255.0

network 66.77.77.0 mask 255.255.255.0

neighbor 66.66.66.1 remote-as 4000

neighbor 66.66.66.1 prefix-list asgs out

neighbor 66.66.66.1 route-map AS-4000-INCOMING in

neighbor 66.66.66.1 route-map AS-4000-OUTGOING out

neighbor 66.77.77.2 remote-as 5000

neighbor 172.16.200.2 remote-as 5000

neighbor 172.16.200.2 next-hop-self

!

ip forward-protocol nd

!

ip as-path access-list 1 permit ^6325$

ip as-path access-list 2 permit ^95250$

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 198.100.100.0 255.255.255.0 66.77.77.2 permanent

!

!

ip prefix-list asgs seq 10 permit 198.180.255.0/24

access-list 10 permit 198.100.100.0 0.0.0.255

!

route-map AS-4000-OUTGOING permit 10

match ip address 10

!

route-map AS-4000-INCOMING permit 10

match as-path 1

And here is the configuration for R2

interface GigabitEthernet0/0

description R2 Interior

ip address 172.16.200.2 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

description ISP2

ip address 55.55.55.2 255.255.255.252

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

no ip address

!

interface GigabitEthernet0/0/1

no ip address

!

interface GigabitEthernet0/0/2

no ip address

!

interface GigabitEthernet0/0/3

no ip address

!

interface Vlan1

ip address 55.77.77.1 255.255.255.128

!

router bgp 5000

bgp log-neighbor-changes

network 198.100.100.0 mask 255.255.255.0

network 55.77.77.0 mask 255.255.255.128

neighbor 55.55.55.1 remote-as 3000

neighbor 55.55.55.1 prefix-list asgs out

neighbor 55.55.55.1 route-map AS-3000-INCOMING in

neighbor 55.55.55.1 route-map AS-3000-OUTGOING out

neighbor 172.16.200.1 remote-as 5000

neighbor 172.16.200.1 next-hop-self

!

ip forward-protocol nd

!

ip as-path access-list 1 permit ^3000$

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 198.100.100.0 255.255.255.0 55.77.77.2

!

!

ip prefix-list asgs seq 10 permit 198.180.255.0/24

access-list 10 permit 198.100.100.0 0.0.0.255

access-list 20 permit 198.100.100.0 0.0.0.255

!

route-map AS-3000-INCOMING permit 10

match as-path 1

set local-preference 150

!

route-map AS-3000-OUTGOING permit 10

match ip address 10

set as-path prepend 5000

!

route-map AS-3000-OUTGOING permit 20

match ip address 20


blau grana
Level 7

Hello Erik,

You did not mention what the problem is. You modify some commands in your configuration. Also it would be better if you can provide some sketch with IP addresses and AS numbers (they can be made up) to be able to help you with config. It is a little bit hard to guess what each IP in your example means.

ROUTER 1

router bgp 5000

  no neighbor 66.66.66.1 prefix-list asgs out

  neighbor 66.66.66.1 route-map AS-4000-INCOMING in

  neighbor 66.66.66.1 route-map AS-4000-OUTGOING out

  neighbor 66.66.66.1 filter-list 7 out

route-map AS-4000-OUTGOING permit 10

  match ip address prefix OWN ISP1

route-map AS-4000-INCOMING permit 10

  match as-path 1

  set local-preference 150

ip prefix-list OWN seq 10 permit 150.0.0.0/24

ip prefix-list ISP1 seq 20 permit 200.0.0.0/24

ip as-path access-list 7 permit ^$

ROUTER 2

router bgp 5000

  no neighbor 55.55.55.1 prefix-list asgs out

  neighbor 55.55.55.1 route-map AS-3000-INCOMING in

  neighbor 55.55.55.1 route-map AS-3000-OUTGOING out

  neighbor 55.55.55.1 filter-list 7 out

route-map AS-3000-INCOMING permit 10

  match as-path 1

  set local-preference 150

route-map AS-3000-OUTGOING permit 10

  match ip address prefix OWN

  set as-path prepend 5000

route-map AS-3000-OUTGOING permit 20

  match ip address prefix ISP2

ip prefix-list OWN seq 10 permit 150.0.0.0/24

ip prefix-list ISP2 seq 20 permit 205.0.0.0/24

ip as-path access-list 7 permit ^$

Best Regards

Please rate all helpful posts and close solved questions


This is the network drawing I put together, not my strong point, hope this helps clarify.

Hello Erik,

This should work for you:

ROUTER 1

interface Loopback0

description BGP_peering

ip address 172.16.1.1 255.255.255.255

ip ospf 1 area 0

!

interface FastEthernet0/0

description ISP1

ip address 66.66.66.2 255.255.255.252

!

interface FastEthernet0/1

description R2

ip address 172.16.200.1 255.255.255.252

ip ospf 1 area 0

!

interface FastEthernet1/0

description Sonic

ip address 66.77.77.1 255.255.255.0

ip ospf 1 area 0

!

router ospf 1

default-information originate

!

router bgp 5000

network 66.77.77.0 mask 255.255.255.0

neighbor 66.66.66.1 remote-as 4000

neighbor 66.66.66.1 prefix-list ISP1_OUT out

neighbor 66.66.66.1 route-map BGP_INCOMING in

neighbor 66.66.66.1 route-map BGP_OUTGOING out

neighbor 66.66.66.1 filter-list 1 in

neighbor 66.66.66.1 filter-list 2 out

neighbor 172.16.2.2 remote-as 5000

neighbor 172.16.2.2 update-source Loopback0

neighbor 172.16.2.2 next-hop-self

neighbor 172.16.3.3 remote-as 5000

neighbor 172.16.3.3 update-source Loopback0

neighbor 172.16.3.3 next-hop-self

!

ip as-path access-list 1 permit ^4000$

ip as-path access-list 2 permit ^$

!

ip prefix-list ISP1_OUT seq 5 permit 198.100.100.0/24

ip prefix-list ISP1_OUT seq 10 permit 66.77.77.0/24

!

route-map BGP_INCOMING permit 10

set local-preference 5000

!

route-map BGP_OUTGOING permit 10

match ip address prefix-list ISP1_OUT

ROUTER 2

interface Loopback0

description BGP_peering

ip address 172.16.2.2 255.255.255.255

ip ospf 1 area 0

!

interface FastEthernet0/0

description ISP2

ip address 55.55.55.2 255.255.255.252

!

interface FastEthernet0/1

description R1

ip address 172.16.200.2 255.255.255.252

ip ospf 1 area 0

!

interface FastEthernet1/0

description Sonic

ip address 55.77.77.1 255.255.255.0

ip ospf 1 area 0

!

router ospf 1

default-information originate

!

router bgp 5000

network 55.77.77.0 mask 255.255.255.0

neighbor 55.55.55.1 remote-as 3000

neighbor 55.55.55.1 prefix-list ISP2_OUT out

neighbor 55.55.55.1 route-map BGP_INCOMING in

neighbor 55.55.55.1 route-map BGP_OUTGOING out

neighbor 55.55.55.1 filter-list 1 in

neighbor 55.55.55.1 filter-list 2 out

neighbor 172.16.1.1 remote-as 5000

neighbor 172.16.1.1 update-source Loopback0

neighbor 172.16.1.1 next-hop-self

neighbor 172.16.3.3 remote-as 5000

neighbor 172.16.3.3 update-source Loopback0

neighbor 172.16.3.3 next-hop-self

!

ip as-path access-list 1 permit ^3000$

ip as-path access-list 2 permit ^$

!

ip prefix-list DEF_ROUTE seq 5 permit 0.0.0.0/0

!

ip prefix-list ISP2_OUT seq 5 permit 198.100.100.0/24

ip prefix-list ISP2_OUT seq 10 permit 55.77.77.0/24

!

ip prefix-list OUR_NET seq 5 permit 198.100.100.0/24

!

route-map BGP_OUTGOING permit 10

match ip address prefix-list OUR_NET

set as-path prepend 5000 5000 5000

!

route-map BGP_OUTGOING permit 20

match ip address prefix-list ISP2_OUT

!

route-map BGP_INCOMING permit 10

match ip address prefix-list DEF_ROUTE

!

route-map BGP_INCOMING permit 20

set local-preference 5000

SONIC

interface Loopback0

description BGP_peering

ip address 172.16.3.3 255.255.255.255

ip ospf 1 area 0

!

interface Loopback10

description OUR_NET

ip address 198.100.100.1 255.255.255.0

!

interface FastEthernet0/0

description R1

ip address 66.77.77.2 255.255.255.0

ip ospf 1 area 0

!

interface FastEthernet0/1

description R2

ip address 55.77.77.2 255.255.255.0

ip ospf 1 area 0

!

router ospf 1

!

router bgp 5000

network 198.100.100.0

neighbor 172.16.1.1 remote-as 5000

neighbor 172.16.1.1 update-source Loopback0

neighbor 172.16.2.2 remote-as 5000

neighbor 172.16.2.2 update-source Loopback0

Best Regards

Please rate all helpful posts and close solved questions
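
An added example, not part of the original thread: a Python model of the outbound filters in the reply above (exact-match prefix-lists `ISP1_OUT` / `ISP2_OUT` plus `filter-list 2 out` with `^$`), showing which routes each ISP would receive. The session names and sample routes are constructed for illustration, and AS-path prepending is not modeled.

```python
import ipaddress
import re

# Outbound policy per eBGP session, transcribed from the reply's ISP1_OUT /
# ISP2_OUT prefix-lists and as-path access-list 2. Session names are made up.
POLICY = {
    "R1->ISP1": {"prefixes": ["198.100.100.0/24", "66.77.77.0/24"], "as_path": r"^$"},
    "R2->ISP2": {"prefixes": ["198.100.100.0/24", "55.77.77.0/24"], "as_path": r"^$"},
}

# Constructed BGP table entries: (prefix, AS path as seen inside AS 5000).
SAMPLE_ROUTES = [
    ("198.100.100.0/24", []),             # client's own block
    ("66.77.77.0/24", []),                # ISP1-assigned space
    ("55.77.77.0/24", []),                # ISP2-assigned space
    ("198.100.100.128/25", []),           # more-specific of the own block
    ("203.0.113.0/24", [3000, 64500]),    # learned from ISP2, must not transit
    ("198.100.100.0/24", [4000, 64501]),  # own prefix with a foreign path
]

def prefix_permitted(prefix, entries):
    # A prefix-list entry without ge/le matches only the exact prefix and length.
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(e) for e in entries)

def as_path_permitted(as_path, regex):
    # ^$ matches only an empty AS path, i.e. routes originated inside the AS.
    return re.search(regex, " ".join(map(str, as_path))) is not None

def evaluate(session, routes):
    # A route must pass both filters; the check order only labels the verdict.
    pol = POLICY[session]
    out = []
    for prefix, path in routes:
        if not as_path_permitted(path, pol["as_path"]):
            verdict = "deny: as-path"
        elif not prefix_permitted(prefix, pol["prefixes"]):
            verdict = "deny: prefix-list"
        else:
            verdict = "advertise"
        out.append((prefix, tuple(path), verdict))
    return out

def advertised(session, routes):
    return [p for p, _, v in evaluate(session, routes) if v == "advertise"]

if __name__ == "__main__":
    for session in POLICY:
        for row in evaluate(session, SAMPLE_ROUTES):
            print(session, *row)
```

Each ISP ends up with only the client's /24 and its own assigned block, and anything carrying a non-empty AS path is dropped, so AS 5000 never acts as transit between the two providers.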


Blau,

I appreciate the response! I am going to test the configs out, that looks very well put together! Thank you for including the Sonic configurations as well. I've never worked with them so that is a big help.

Hello Erik,

The included configuration of the Sonic FW is just a template, as if it were a Cisco device. Sorry for the confusion.

Here is the configuration guide for BGP on SonicOS, it looks very similar to Cisco:

http://www.sonicwall.com/downloads/SonicOS_5.6.5.1_BGP_Advanced_Routing.pdf

Best Regards

Please rate all helpful posts and close solved questions
