Deny Deny

R5(config-router)# neighbor 172.16.56.6 route-map MYMAP in

R5(config-router)# exit

R5(config)# access-list 1 deny 60.1.1.0 0.0.0.255

R5(config)# access-list 1 deny 60.2.2.0 0.0.0.255

R5(config)# access-list 1 permit any

R5(config)# route-map MYMAP deny 10

R5(config-route-map)# match ip address 1

R5(config-route-map)# set weight 10

R5(config-route-map)# exit

R5(config)# route-map MYMAP permit 20

R5(config-route-map)# set weight 20

Denying in the route-map and denying with the conditional (ACL) statement is shown.

With the deny/deny form, the logic follows this format:

If a match occurs

Then accept the route

Else execute the next route-map statement

The logic of this form is a little difficult to understand. To make it a little clearer, some set statements have been added.

R5(config-router)# neighbor 172.16.56.6 route-map MYMAP in

R5(config-router)# exit

R5(config)# access-list 1 deny 60.1.1.0 0.0.0.255

R5(config)# access-list 1 deny 60.2.2.0 0.0.0.255

R5(config)# access-list 1 permit any

R5(config)# route-map MYMAP deny 10

R5(config-route-map)# match ip address 1

R5(config-route-map)# set weight 10

R5(config-route-map)# exit

R5(config)# route-map MYMAP permit 20

R5(config-route-map)# set weight 20

■ If route-map sequence number 10 is matched (any route other than 60.1.1.0/24 or 60.2.2.0/24), accept the route, execute any set statements, and exit the route-map without further processing. In this case, accepting the route means to deny it.

■ If route-map sequence number 10 is not matched (only networks 60.1.1.0/24 and 60.2.2.0/24), check sequence number 20.

■ Sequence number 20 will implicitly permit all routes and execute any set statements. Only networks 60.1.1.0/24 and 60.2.2.0/24 will continue to sequence number 20.

R5# show ip bgp

BGP table version is 4, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Network Next Hop Metric LocPrf Weight Path

0 20 600 i

0 20 600 i

Notice that networks 60.1.1.0/24 and 60.2.2.0/24 have their weight set to 20, meaning they had passed route-map sequence number 20.
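The deny/deny logic is easier to check when it is run against concrete prefixes. The following Python sketch is an added example, not part of the original course material: it models first-match ACL and route-map evaluation for MYMAP and compares the result with a permit/permit rewrite. ACL 2, the `PERMIT_FORM` map, the function names and the sample prefixes 60.3.3.0/24 and 6.6.6.0/24 are assumptions made for illustration.

```python
import ipaddress

def acl_permits(acl, prefix):
    """Standard ACL check against the route's network address; first hit wins."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, net, wildcard in acl:
        if net == "any":
            return action == "permit"
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(net)) & care:
            return action == "permit"
    return False                                  # implicit deny at end of ACL

def apply_route_map(route_map, acls, prefix):
    """Return the attributes set on an accepted route, or None if it is filtered."""
    for action, acl_id, sets in route_map:        # clauses in sequence order
        if acl_id is None or acl_permits(acls[acl_id], prefix):
            # A matched deny clause filters the route, so its set has no visible effect.
            return dict(sets) if action == "permit" else None
    return None                                   # implicit deny at end of route-map

ACLS = {
    1: [("deny", "60.1.1.0", "0.0.0.255"), ("deny", "60.2.2.0", "0.0.0.255"),
        ("permit", "any", None)],
    2: [("permit", "60.1.1.0", "0.0.0.255"),     # hypothetical ACL 2 for the
        ("permit", "60.2.2.0", "0.0.0.255")],    # permit/permit rewrite
}
MYMAP = [("deny", 1, {"weight": 10}),             # route-map MYMAP deny 10
         ("permit", None, {"weight": 20})]        # route-map MYMAP permit 20
PERMIT_FORM = [("permit", 2, {"weight": 20})]     # hypothetical equivalent map

# Constructed sample of prefixes received from 172.16.56.6
UPDATES = ["60.1.1.0/24", "60.2.2.0/24", "60.3.3.0/24", "6.6.6.0/24"]

def evaluate(route_map, updates=UPDATES):
    return {p: apply_route_map(route_map, ACLS, p) for p in updates}

if __name__ == "__main__":
    for prefix, attrs in evaluate(MYMAP).items():
        print(prefix, "filtered" if attrs is None else attrs)
    print("same result with permit/permit:", evaluate(MYMAP) == evaluate(PERMIT_FORM))
```

Running a filter policy through a model like this before applying it to an inbound neighbor shows at a glance which prefixes the implicit denies will drop.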

Modifying Weight Attribute

• Weight is Cisco proprietary

• Used for local path selection

© 2002, Cisco Systems, Inc. All rights reserved. Cisco CCIE Prep v1.0—Module 8-89

The recommended method to use when configuring route maps is the permit/permit method. Here, you can permit in the route map statement, then permit or deny as needed in the conditional statements (access lists, prefix lists, community lists, or AS path lists). Here are some examples using this method:

Modifying Weight Attribute

■ The weight attribute is a Cisco defined attribute.

■ The weight is used for a best path selection process. The weight is assigned locally to the router.

■ Weight is a value that only makes sense to the specific router and which is not propagated or carried through any of the route updates.

■ A weight can be a number from 0 to 65535. Paths that the router originates have a weight of 32768 by default and other paths have a weight of zero.

The example shows how you can use route maps to modify incoming data from a neighbor.

In this scenario, you want to route through AS 600 to reach network 1.1.1.0/24. To do that, create a route-map on R5 for routes received from AS 600. Any route received from 172.16.56.6 that matches the filter parameters set in access list 1 will have its weight set to 200, and it will be accepted. All other routes will be accepted and their weight will not be modified from the default value of 0. This will modify the weight attribute of the 1.1.1.0/24 network from R6, so the preferred route is through AS 600.

R5(config)# router bgp 500

R5(config-router)# neighbor 172.16.56.6 remote-as 600

R5(config-router)# neighbor 172.16.56.6 route-map MODWEIGHT in

R5(config-router)# exit

R5(config)# access-list 1 permit 1.1.1.0 0.0.0.255

R5(config)# route-map MODWEIGHT permit 10

R5(config-route-map)# match ip address 1

R5(config-route-map)# set weight 200

R5(config-route-map)# exit

R5(config)# route-map MODWEIGHT permit 20

Modifying the MED

You can also modify the metric attribute.

■ The metric attribute, also called the Multi-Exit Discriminator or MED (BGP4) or Inter-AS (BGP3), is a hint to external neighbors about the preferred path into an AS.

■ The metric attribute is a dynamic way to influence another AS on which way to choose in order to reach a certain route given that you have multiple entry points into that AS.

■ A lower value of a metric is preferred.

Unlike local preference, the metric is exchanged between ASs. A metric is carried into an AS but does not leave the AS. When an update enters the AS with a certain metric, that metric is used for decision making inside the AS. When the same update is passed on to a third AS, that metric is set back to 0. The default metric value is 0.

Unless otherwise specified, a router compares metrics for paths from neighbors in the same AS. For the router to compare metrics from neighbors in different ASs, the special configuration command bgp always-compare-med should be configured on the router.

In the example, AS 100 wants to influence AS 300 on the path to reach networks 1.1.1.0/24 and 4.4.4.0/24. To reach these networks, AS 300 should route to R4, not R1.

In the following example, MODMED will set the Multi Exit Discriminator (MED) to 1000 for the routes advertised from R4 and to 2000 from routes advertised from R1.

Before implementing the MED modification, look at R3's BGP table:

R3# show ip bgp

BGP table version is 4, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Network Next Hop Metric LocPrf Weight Path

* 1.1.1.0/24 172.16.70.4 0 100 i

*> 172.16.134.1 0 0 100 i

*> 3.3.3.0/24 0.0.0.0 0 32768 i

* 4.4.4.0/24 172.16.70.4 0 0 100 i

*> 172.16.134.1 0 100 i

Here you see the preferred route to networks 1.1.1.0/24 and 4.4.4.0/24 is through R1 (172.16.134.1).

Now, implement the MED attribute modification on R4. Remember the route with the lowest MED will be the preferred route.

R4(config)# router bgp 100

R4(config-router)# neighbor 172.16.70.3 route-map MODMED out

R4(config-router)# exit

R4(config)# access-list 1 permit 1.1.1.0 0.0.0.255

R4(config)# access-list 1 permit 4.4.4.0 0.0.0.255

R4(config)# route-map MODMED permit 10

R4(config-route-map)# match ip address 1

R4(config-route-map)# set metric 1000

R4(config-route-map)# exit

R4(config)# route-map MODMED permit 20

R1(config)# access-list 1 permit 4.4.4.0 0.0.0.255

R1(config)# route-map MODMED permit 10

R1(config-route-map)# match ip address 1

R1(config-route-map)# set metric 2000

R1(config-route-map)# exit

R1(config)# route-map MODMED permit 20

After clearing the BGP connections on R3, issue the following command to verify the modifications:

R3# show ip bgp

BGP table version is 11, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 172.16.134.1 2000 0 100 i

*> 3.3.3.0/24 0.0.0.0 0 32768 i

* 4.4.4.0/24 172.16.134.1 2000 0 100 i

*> 172.16.70.4 1000 0 100 i

R3 in AS 300 prefers the route through R4 to reach networks 1.1.1.0/24 and 4.4.4.0/24.

Modifying Local-Preference

The following facts are part of modifying the local-preference:

■ Local-preference is an indication to the AS about which path is preferred to exit the AS in order to reach a certain network.

■ A path with a higher local-preference is more preferred.

■ The default value for local-preference is 100.

Unlike the weight attribute that is only relevant to the local router, local-preference is an attribute that is exchanged among routers in the same AS.

Local-preference is set via the bgp default local-preference <value> command or with route-maps as will be demonstrated in the following example:

In this scenario, you want AS 100 to use the route between R4 and R3 to reach AS 300.

It is proper behavior to not accept any autonomous system path not matching the match clause of the route map. This means that you will not set the metric and the Cisco IOS software will not accept the route. However, you can configure the software to accept autonomous system paths not matched in the match clause of the route map command by using multiple maps of the same name, some without accompanying set commands.

If you view R1's BGP table, you see the following:

R1# show ip bgp

BGP table version is 6, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Here you see R1 is using its directly connected link to reach 3.3.3.0/24. Next, configure R4 to modify its local preference for the 3.3.3.0/24 network.

R4(config)# router bgp 100

R4(config-router)# neighbor 172.16.0.3 route-map MYMAP in

R4(config-router)# exit

R4(config)# access-list 1 permit 3.3.3.0 0.0.0.255

R4(config)# route-map MYMAP permit 10

R4(config-route-map)# match ip address 1

R4(config-route-map)# set local-preference 500

R4(config-route-map)# exit

R4(config)# route-map MYMAP permit 20

R1# show ip bgp

BGP table version is 6, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/24 0.0.0.0 0 32768 i

*>i3.3.3.0/24 172.16.70.3 0 500 0 300

* 172.16.134.3 0 0 300

*>i4.4.4.0/24 172.16.45.4 0 100 0 i

Modifying AS Path Using Prepend

• Prepending AS numbers to an advertisement makes route less desirable


Another way to influence the path to a network is to modify the AS path. When you prepend AS paths to a prefix, you are making the route look less attractive.

In this scenario, you want to influence AS 100 on how it can reach the 3.3.3.0/24 network. You want to make sure that packets traveling from AS 100 to the 3.3.3.0/24 network travel over the link between R4 and R3.

The following example shows how the route map called set-as-path is applied to outbound updates to the neighbor 172.16.134.1. The route map will prepend the autonomous system path "300 300" to routes that pass access list 1. The second part of the route map is to permit the advertisement of other routes.

Before you begin configuration, look at the BGP table on R1.

R1# show ip bgp

BGP table version is 8, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Here you prefer the link between R1 and R3 to reach the 3.3.3.0/24 network. Let's perform the configuration on R3.

R3(config)# router bgp 300

R3(config-router)# network 3.3.3.0 mask 255.255.255.0

R3(config-router)# neighbor 172.16.70.4 remote-as 100

R3(config-router)# neighbor 172.16.134.1 remote-as 100

R3(config-router)# neighbor 172.16.134.1 route-map SET-AS-PATH out

R3(config-router)# exit

R3(config)# access-list 1 permit 3.3.3.0 0.0.0.255

R3(config)# route-map SET-AS-PATH permit 10

R3(config-route-map)# match ip address 1

R3(config-route-map)# set as-path prepend 300 300

R3(config-route-map)# exit

R3(config)# route-map SET-AS-PATH permit 20

If you view the BGP table on R1, you see the following:

R1# show ip bgp

BGP table version is 4, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Next Hop Metric LocPrf Weight Path

0.0.0.0 0 32768 i

172.16.23.2 100 0 300 i

172.16.134.3 0 0 300 300 300 i

172.16.45.4 0 100 0 i
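Weight, local-preference, AS-path length and MED are compared in a fixed order when a router picks its best path. The Python sketch below is an added example, not part of the original course material: it implements only those four comparison steps and skips the remaining tie-breakers of the real decision process. The `Path` class and function names are illustrative, and the path values come from the tables on this page except where marked constructed.

```python
from dataclasses import dataclass

@dataclass
class Path:
    next_hop: str
    as_path: tuple
    weight: int = 0         # local to the router, never advertised
    local_pref: int = 100   # default local-preference
    med: int = 0            # default metric

def better(a, b, always_compare_med=False):
    """Preferred of two paths to one prefix, using only the page's four attributes."""
    if a.weight != b.weight:                      # 1. highest weight
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:              # 2. highest local-preference
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):          # 3. shortest AS path
        return a if len(a.as_path) < len(b.as_path) else b
    # 4. lowest MED, compared only for the same neighbor AS unless
    #    "bgp always-compare-med" is configured
    if (always_compare_med or a.as_path[:1] == b.as_path[:1]) and a.med != b.med:
        return a if a.med < b.med else b
    return a                                      # tie here; real BGP keeps going

def best(paths, **opts):
    winner = paths[0]
    for p in paths[1:]:
        winner = better(winner, p, **opts)
    return winner

# R3's two paths to 4.4.4.0/24 after MODMED (values from the page)
MED_CASE = [Path("172.16.134.1", (100,), med=2000), Path("172.16.70.4", (100,), med=1000)]
# R1's two paths to 3.3.3.0/24 after R4 sets local-preference 500
LOCPREF_CASE = [Path("172.16.134.3", (300,)), Path("172.16.70.3", (300,), local_pref=500)]
# R1's paths to 3.3.3.0/24 after R3 prepends "300 300"
PREPEND_CASE = [Path("172.16.134.3", (300, 300, 300)), Path("172.16.23.2", (300,))]
# Constructed: weight 200 on R5 beats a shorter path with higher local-preference
WEIGHT_CASE = [Path("172.16.56.6", (600, 100), weight=200),
               Path("192.0.2.1", (100,), local_pref=300)]
# Constructed: different neighbor ASs, so MED is ignored without always-compare-med
MIXED_AS = [Path("192.0.2.1", (100, 700), med=50), Path("192.0.2.2", (200, 700), med=10)]

if __name__ == "__main__":
    for name in ("MED_CASE", "LOCPREF_CASE", "PREPEND_CASE", "WEIGHT_CASE"):
        print(name, "->", best(globals()[name]).next_hop)
    print("MIXED_AS ->", best(MIXED_AS).next_hop,
          "| always-compare-med ->", best(MIXED_AS, always_compare_med=True).next_hop)
```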

R4(config)# ip route 0.0.0.0 0.0.0.0 serial0/0

R4(config)# router bgp 400

R4(config-router)# default-information originate

R4(config-router)# redistribute static


• To advertise a default route use the default-information originate command


When you have a BGP speaker advertise a default route, you should issue the following command in router configuration mode:

default-information originate

For example:

On R4 you issue the following command:

R4(config)# router bgp 400

R4(config-router)# default-information originate

After clearing the BGP connections, you look at R5 to see the following:

R5# show ip bgp

BGP table version is 17, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

You do not have a default network in the BGP table. This is because even though you have issued the proper command, R4 itself has no default network. If R4 has no default network, it will not advertise one. To remedy this, issue the following command on R4:

After clearing the BGP connection, look at R5's BGP table once again.

R5# show ip bgp

BGP table version is 17, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Again, you see that you have not received the default network on R5. This is because BGP requires not only the default-information originate command and a default-network created, it also requires that you redistribute the default-network into BGP. You need to issue this command on R4:

R4(config)# router bgp 400

R4(config-router)# redistribute static

After clearing the BGP connection once more, look at R5's BGP table:

R5# show ip bgp

BGP table version is 17, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Metric LocPrf Weight Path

*> 0.0.0.0 0 0 400 ?

*> 4.4.4.0/24

*> 5.5.5.0/24 0 32768 i

Finally, you have received your default network on R5. Remember, when advertising a default network from BGP three items need to be completed on the router advertising the default network:

■ Create a static default route (0.0.0.0 0.0.0.0)

■ Redistribute the static route into BGP (redistribute static)

■ Issue the default-information originate command
