Internet Routing Architectures (CISCO): Configuring Effective Internet Routing Policies
Default Only, One Primary, and One Backup Link
In Figure 11-3, AS3 is multihomed to AS1. AS3 is not learning any BGP routes from AS1 and is sending its own routes via BGP. RTA will be running defaults toward AS1, with the NY link being the primary link and the SF link being the secondary link. The following policies should apply:
Figure 11-3 Multihoming to a single provider (default only, one primary, and one backup link).
1. Outbound traffic from AS3 should always go on the NY link unless that link fails, in which case it should switch to the other link.
This can be achieved by configuring two static routes in RTA pointing the defaults toward the two links. The default via the NY link will be set with a lower distance to be more preferred.
2. Inbound traffic toward AS3 should always come on the NY link unless that link fails, in which case it should switch to the other link.
This can be achieved by having RTA send different metrics toward AS1 on both links, with a lower metric on the NY link. This way, inbound traffic coming from AS1 will always come via the NY link.
3. Prevent any BGP updates from coming into AS3.
This can be achieved by having AS3 configure a route map or distribute list that will block all incoming BGP routing updates. Usually, the provider (AS1, in this case) will not send you any updates per your request. Nevertheless, you should always protect the AS against the unknown. The provider could make a mistake and send you all his routes, and your AS would be vulnerable.
RTA configuration:
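router bgp 3
 network 172.16.220.0 mask 255.255.255.0
 ! SF link (RTC): block all inbound updates, advertise with metric 100
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map BLOCK in
 neighbor 172.16.20.1 route-map SETMETRIC1 out
 ! NY link (RTD): block all inbound updates, advertise with metric 50
 neighbor 192.68.9.2 remote-as 1
 neighbor 192.68.9.2 route-map BLOCK in
 neighbor 192.68.9.2 route-map SETMETRIC2 out
 no auto-summary
!
! Static defaults: distance 40 via the NY link is preferred over distance 50
ip route 0.0.0.0 0.0.0.0 172.16.20.1 50
ip route 0.0.0.0 0.0.0.0 192.68.9.2 40
!
route-map SETMETRIC1 permit 10
 set metric 100
!
route-map SETMETRIC2 permit 10
 set metric 50
!
! A single deny clause with no match statement rejects every route
route-map BLOCK deny 10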
In the preceding configuration, AS3 has used static routes to configure defaults toward AS1. The 0/0 toward RTD is given a distance of 40, lower than the distance of 50 toward RTC. The NY link will act as primary. Alternatively, AS3 could have accepted a single entry from AS1 and configured that entry as being the default.
Route maps SETMETRIC2 and SETMETRIC1 are used to set the outbound metric to 50 toward RTD and 100 toward RTC, respectively. Inbound traffic will prefer the NY link.
Route map BLOCK is used to block all incoming BGP updates from AS1.
The following RTA IP routing table shows how the default route is set. Note that distance 40 is being preferred over distance 50 for the 0/0 route, and the gateway of last resort is pointing to next hop 192.68.9.2.
RTA#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 192.68.9.2 to network 0.0.0.0
C    192.68.9.0 is directly connected, Ethernet0
     172.16.0.0 255.255.255.0 is subnetted, 2 subnets
C       172.16.220.0 is directly connected, Ethernet1
C       172.16.20.0 is directly connected, Serial0
S*   0.0.0.0 0.0.0.0 [40/0] via 192.68.9.2
The following is RTC's BGP table, and it shows that AS3 is always accessed via the RTD-RTA link because of the lower metric 50. Prefix 172.16.220.0/24 can be reached via IBGP and EBGP. The IBGP route has been chosen as the best route. Note in this table that RTC's next hop to reach prefix 172.16.220.0/24 is 192.68.6.1. This is because RTD has configured its neighbor connection with RTC using the next-hop-self neighbor command.
RTC#show ip bgp
BGP table version is 11, local router ID is 192.68.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop          Metric LocPrf Weight Path
*>i172.16.220.0/24  192.68.6.1            50    100      0 3 i
*                   172.16.20.2          100             0 3 i
*> 192.68.11.0      0.0.0.0                0         32768 i
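The three policies in this section can also be checked against the configuration text before it is deployed. The following Python script is an added example, not part of the original book: the audit function and its finding strings are illustrative names, and it assumes each outbound route map carries a single set metric, as RTA's does.

```python
import re

# The RTA configuration from this page, embedded so the check runs offline.
RTA_CONFIG = """\
router bgp 3
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map BLOCK in
 neighbor 172.16.20.1 route-map SETMETRIC1 out
 neighbor 192.68.9.2 remote-as 1
 neighbor 192.68.9.2 route-map BLOCK in
 neighbor 192.68.9.2 route-map SETMETRIC2 out
 no auto-summary
ip route 0.0.0.0 0.0.0.0 172.16.20.1 50
ip route 0.0.0.0 0.0.0.0 192.68.9.2 40
route-map SETMETRIC1 permit 10
 set metric 100
route-map SETMETRIC2 permit 10
 set metric 50
route-map BLOCK deny 10
"""

def audit(config):
    """Return policy findings for a default-only, primary/backup config; [] means OK."""
    neighbors = sorted(set(re.findall(r"neighbor (\S+) remote-as", config)))
    maps = {(ip, d): n for ip, n, d in
            re.findall(r"neighbor (\S+) route-map (\S+) (in|out)", config)}
    clauses = {}  # route-map name -> clause actions (permit/deny)
    for name, action in re.findall(r"^route-map (\S+) (permit|deny) \d+", config, re.M):
        clauses.setdefault(name, []).append(action)
    metric = {n: int(m) for n, m in  # assumes one 'set metric' per map (see lead-in)
              re.findall(r"^route-map (\S+) permit \d+\n\s*set metric (\d+)", config, re.M)}
    distance = {ip: int(d) for ip, d in
                re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+) (\d+)", config, re.M)}
    findings = []
    for ip in neighbors:
        # Policy 3: the inbound map must exist and hold only deny clauses.
        if set(clauses.get(maps.get((ip, "in")), ["permit"])) != {"deny"}:
            findings.append(f"{ip}: inbound BGP updates are not fully blocked")
        if ip not in distance or maps.get((ip, "out")) not in metric:
            findings.append(f"{ip}: missing static default or outbound metric")
    if not findings:
        # Policies 1 and 2: lowest distance and lowest metric must select the same link.
        out_primary = min(distance, key=distance.get)
        in_primary = min(neighbors, key=lambda ip: metric[maps[(ip, "out")]])
        if out_primary != in_primary:
            findings.append(f"asymmetric primary: out via {out_primary}, in via {in_primary}")
    return findings
```

An empty list for RTA_CONFIG confirms that both the static default and the lower metric select 192.68.9.2 and that both neighbors reject all inbound updates. A neighbor whose inbound route map is missing or undefined is reported as unblocked.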
373 376373 376 2y6ernrrl7llggqrqhkgl7gq4x4c2niirkuh5yq376 379373 377376,4,artykulInterpretacja tytułu powieści Tadeusza Konwickiego pt M~376372 373373 374371 373371 373376 381 axc5jlpeya5e5e26gci7bke4decmlk4qn57mrky376 Jak sprawdzać dowody księgowewięcej podobnych podstron