12.1.3 Lab – Implement BGP Communities (Answers)
Topology
Addressing Table
Device | Interface | IPv4 Address | IPv6 Address | IPv6 Link-Local |
---|---|---|---|---|
R1 | G0/0/0 | 10.1.2.1/24 | 2001:db8:acad:1012::1/64 | fe80::1:1 |
S0/1/0 | 10.1.3.1/25 | 2001:db8:acad:1013::1/64 | fe80::1:2 | |
S0/1/1 | 10.1.3.129/25 | 2001:db8:acad:1014::1/64 | fe80::1:3 | |
Loopback0 | 192.168.1.1/27 | 2001:db8:acad:1000::1/64 | fe80::1:4 | |
Loopback1 | 192.168.1.65/26 | 2001:db8:acad:1001::1/64 | fe80::1:5 | |
R2 | G0/0/0 | 10.1.2.2/24 | 2001:db8:acad:1012::2/64 | fe80::2:1 |
G0/0/1 | 10.2.3.2/24 | 2001:db8:acad:1023::2/64 | fe80::2:2 | |
Loopback0 | 192.168.2.1/27 | 2001:db8:acad:2000::1/64 | fe80::2:3 | |
Loopback1 | 192.168.2.65/26 | 2001:db8:acad:2001::1/64 | fe80::2:4 | |
R3 | G0/0/0 | 10.2.3.3/24 | 2001:db8:acad:1023::3/64 | fe80::3:1 |
S0/1/0 | 10.1.3.3/25 | 2001:db8:acad:1013::3/64 | fe80::3:2 | |
S0/1/1 | 10.1.3.130/25 | 2001:db8:acad:1014::3/64 | fe80::3:3 | |
Loopback0 | 192.168.3.1/27 | 2001:db8:acad:3000::1/64 | fe80::3:4 | |
Loopback1 | 192.168.3.65/26 | 2001:db8:acad:3001::1/64 | fe80::3:5 |
Objectives
- Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
- Part 2: Configure and Verify Multi-Protocol BGP on all Routers
- Part 3: Configure and Verify BGP Communities on all Routers
Background / Scenario
As you saw in the previous lab, standard path manipulation tools generally require a lot of configuration. Imagine if the last lab was implemented in a large and complex routing environment. Using BGP communities gives you an option for tagging and controlling routing information in a less labor-intensive manner. In this lab you will configure Multi-Protocol BGP and implement BGP community configurations for both IPv4 and IPv6.
Note: This lab is an exercise in developing, deploying, and verifying BGP communities, and does not reflect networking best practices.
Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs.
Note: Ensure that the routers have been erased and have no startup configurations. If you are unsure contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
- 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
- 1 PC (Choice of operating system with a terminal emulation program installed)
- Console cables to configure the Cisco IOS devices via the console ports
- Ethernet and serial cables as shown in the topology
Instructions
Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
In Part 1, you will set up the network topology and configure basic settings and interface addressing on routers.
Step 1: Cable the network as shown in the topology.
Attach the devices as shown in the topology diagram, and cable as necessary.
Step 2: Configure basic settings for each router.
a. Console into each router, enter global configuration mode, and apply the basic settings and interface addressing. A command list for each router is listed below for initial configuration.
Router R1
no ip domain lookup hostname R1 line con 0 exec-timeout 0 0 logging synchronous exit banner motd # This is R1, BGP Path Manipulation Lab # ipv6 unicast-routing interface g0/0/0 ip address 10.1.2.1 255.255.255.0 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:acad:1012::1/64 no shutdown interface s0/1/0 ip address 10.1.3.1 255.255.255.128 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:acad:1013::1/80 no shutdown interface s0/1/1 ip address 10.1.3.129 255.255.255.128 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:acad:1014::1/80 no shutdown interface loopback 0 ip address 192.168.1.1 255.255.255.224 ipv6 address fe80::1:4 link-local ipv6 address 2001:db8:acad:1000::1/64 no shutdown interface loopback 1 ip address 192.168.1.65 255.255.255.192 ipv6 address fe80::1:5 link-local ipv6 address 2001:db8:acad:1001::1/64 no shutdown exit
Router R2
no ip domain lookup hostname R2 line con 0 exec-timeout 0 0 logging synchronous exit banner motd # This is R2, BGP Path Manipulation Lab # ipv6 unicast-routing interface g0/0/0 ip address 10.1.2.2 255.255.255.0 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:acad:1012::2/64 no shutdown interface g0/0/1 ip address 10.2.3.2 255.255.255.0 ipv6 address fe80::2:2 link-local ipv6 address 2001:db8:acad:1023::2/64 no shutdown interface loopback 0 ip address 192.168.2.1 255.255.255.224 ipv6 address fe80::2:3 link-local ipv6 address 2001:db8:acad:2000::1/64 no shutdown interface loopback 1 ip address 192.168.2.65 255.255.255.192 ipv6 address fe80::2:4 link-local ipv6 address 2001:db8:acad:2001::1/64 no shutdown
Router R3
no ip domain lookup hostname R3 line con 0 exec-timeout 0 0 logging synchronous exit banner motd # This is R3, BGP Path Manipulation Lab # ipv6 unicast-routing interface g0/0/0 ip address 10.2.3.3 255.255.255.0 ipv6 address fe80::3:1 link-local ipv6 address 2001:db8:acad:1023::3/64 no shutdown interface s0/1/0 ip address 10.1.3.3 255.255.255.128 ipv6 address fe80::3:2 link-local ipv6 address 2001:db8:acad:1013::3/80 no shutdown interface s0/1/1 ip address 10.1.3.130 255.255.255.128 ipv6 address fe80::3:3 link-local ipv6 address 2001:db8:acad:1014::3/80 no shutdown interface loopback 0 ip address 192.168.3.1 255.255.255.224 ipv6 address fe80::3:4 link-local ipv6 address 2001:db8:acad:3000::1/64 no shutdown interface loopback 1 ip address 192.168.3.65 255.255.255.192 ipv6 address fe80::3:5 link-local ipv6 address 2001:db8:acad:3001::1/64 no shutdown
b. Set the clock on each router to UTC time.
c. Save the running configuration to startup-config.
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
In Part 2, you will configure and verify Multi-Protocol BGP on all routers to achieve full connectivity between the routers. The text below provides you with the complete configuration for R1. You will use this to inform your configuration of R2 and R3. The configuration being used here is not meant to represent best practice, but to assess your ability to complete the required configurations.
Step 1: On R1, create the core BGP configuration.
a. Enter BGP configuration mode from global configuration mode, specifying AS 6500.
R1(config)# router bgp 6500
b. Configure the BGP router-id for R1.
R1(config-router)# bgp router-id 1.1.1.1
c. Disable the default IPv4 unicast behavior
R1(config-router)# no bgp default ipv4-unicast d. Based on the topology diagram, configure all the designated neighbors for R1. R1(config-router)# neighbor 10.1.2.2 remote-as 500 R1(config-router)# neighbor 10.1.3.3 remote-as 300 R1(config-router)# neighbor 10.1.3.130 remote-as 300 R1(config-router)# neighbor 2001:db8:acad:1012::2 remote-as 500 R1(config-router)# neighbor 2001:db8:acad:1013::3 remote-as 300 R1(config-router)# neighbor 2001:db8:acad:1014::3 remote-as 300
Step 2: On R1, configure the IPv4 unicast address family.
a. Enter the IPv4 unicast address family configuration mode.
R1(config-router)# address-family ipv4 unicast
b. Configure network statements for the IPv4 networks that are attached to interfaces loopback0 and loopback1. Remember that BGP does not work the same way that an IGP does, and that the network statement has no impact on neighbor adjacency; it is used solely for advertising purposes.
R1(config-router-af)# network 192.168.1.0 mask 255.255.255.224 R1(config-router-af)# network 192.168.1.64 mask 255.255.255.192
c. Deactivate the IPv6 neighbors and activate the IPv4 neighbors.
R1(config-router-af)# no neighbor 2001:db8:acad:1012::2 activate R1(config-router-af)# no neighbor 2001:db8:acad:1013::3 activate R1(config-router-af)# no neighbor 2001:db8:acad:1014::3 activate R1(config-router-af)# neighbor 10.1.2.2 activate R1(config-router-af)# neighbor 10.1.3.3 activate R1(config-router-af)# neighbor 10.1.3.130 activate
Step 3: On R1, configure the IPv4 unicast address family.
a. Enter the IPv6 unicast address family configuration mode.
R1(config-router)# address-family ipv6 unicast
b. Configure network statements for the IPv6 networks that are attached to interfaces loopback0 and loopback1. Remember that BGP does not work the same way that an IGP does, and the network statement has no impact on neighbor adjacency; it is used solely for advertising purposes.
R1(config-router-af)# network 2001:db8:acad:1000::/64 R1(config-router-af)# network 2001:db8:acad:1001::/64
c. Activate the IPv6 neighbors that are configured for BGP.
R1(config-router-af)# neighbor 2001:db8:acad:1012::2 activate R1(config-router-af)# neighbor 2001:db8:acad:1013::3 activate R1(config-router-af)# neighbor 2001:db8:acad:1014::3 activate
d. Configure MP-BGP on R2 and R3 as in previous steps.
R2(config)# router bgp 500 R2(config-router)# bgp router-id 2.2.2.2 R2(config-router)# no bgp default ipv4-unicast R2(config-router)# neighbor 10.1.2.1 remote-as 6500 R2(config-router)# neighbor 10.2.3.3 remote-as 300 R2(config-router)# neighbor 2001:db8:acad:1012::1 remote-as 6500 R2(config-router)# neighbor 2001:db8:acad:1023::3 remote-as 300 R2(config-router)# address-family ipv4 R2(config-router-af)# network 192.168.2.0 mask 255.255.255.224 R2(config-router-af)# network 192.168.2.64 mask 255.255.255.192 R2(config-router-af)# neighbor 10.1.2.1 activate R2(config-router-af)# neighbor 10.2.3.3 activate R2(config-router-af)# no neighbor 2001:db8:acad:1012::1 activate R2(config-router-af)# no neighbor 2001:db8:acad:1023::3 activate R2(config-router-af)# exit-address-family R2(config-router)# address-family ipv6 R2(config-router-af)# network 2001:db8:acad:2000::/64 R2(config-router-af)# network 2001:db8:acad:2001::/64 R2(config-router-af)# neighbor 2001:db8:acad:1012::1 activate R2(config-router-af)# neighbor 2001:db8:acad:1023::3 activate R2(config-router-af)# exit-address-family R3(config)# router bgp 300 R3(config-router)# bgp router-id 3.3.3.3 R3(config-router)# no bgp default ipv4-unicast R3(config-router)# neighbor 10.1.3.1 remote-as 6500 R3(config-router)# neighbor 10.1.3.129 remote-as 6500 R3(config-router)# neighbor 10.2.3.2 remote-as 500 R3(config-router)# neighbor 2001:db8:acad:1013::1 remote-as 6500 R3(config-router)# neighbor 2001:db8:acad:1014::1 remote-as 6500 R3(config-router)# neighbor 2001:db8:acad:1023::2 remote-as 500 R3(config-router)# address-family ipv4 R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224 R3(config-router-af)# network 192.168.3.64 mask 255.255.255.192 R3(config-router-af)# neighbor 10.1.3.1 activate R3(config-router-af)# neighbor 10.1.3.129 activate R3(config-router-af)# neighbor 10.2.3.2 activate R3(config-router-af)# no neighbor 2001:db8:acad:1013::1 activate R3(config-router-af)# no neighbor 2001:db8:acad:1014::1 activate R3(config-router-af)# no neighbor 2001:db8:acad:1023::2 activate R3(config-router-af)# exit-address-family R3(config-router)# address-family ipv6 R3(config-router-af)# network 2001:db8:acad:3000::/64 R3(config-router-af)# network 2001:db8:acad:3001::/64 R3(config-router-af)# neighbor 2001:db8:acad:1013::1 activate R3(config-router-af)# neighbor 2001:db8:acad:1014::1 activate R3(config-router-af)# neighbor 2001:db8:acad:1023::2 activate R3(config-router-af)# exit-address-family
Step 4: Verify that MP-BGP is operational.
a. Use the show bgp ipv4 unicast summary
and show bgp ipv6 unicast summary
commands to verify that BGP has established adjacencies and received prefixes.
R1# show bgp ipv4 unicast summary BGP router identifier 1.1.1.1, local AS number 6500 BGP table version is 9, main routing table version 9 6 network entries using 1488 bytes of memory 14 path entries using 1904 bytes of memory 5/3 BGP path/bestpath attribute entries using 1400 bytes of memory 4 BGP AS-PATH entries using 128 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 4920 total bytes of memory BGP activity 12/0 prefixes, 28/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.2.2 4 500 7 7 9 0 0 00:01:46 4 10.1.3.3 4 300 7 7 9 0 0 00:00:45 4 10.1.3.130 4 300 7 7 9 0 0 00:00:44 4 R1# show bgp ipv6 unicast summary BGP router identifier 1.1.1.1, local AS number 6500 BGP table version is 9, main routing table version 9 6 network entries using 1632 bytes of memory 14 path entries using 2128 bytes of memory 5/3 BGP path/bestpath attribute entries using 1400 bytes of memory 4 BGP AS-PATH entries using 128 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 5288 total bytes of memory BGP activity 12/0 prefixes, 28/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:DB8:ACAD:1012::2 4 500 7 7 9 0 0 00:02:08 4 2001:DB8:ACAD:1013::3 4 300 8 7 9 0 0 00:01:09 4 2001:DB8:ACAD:1014::3 4 300 8 7 9 0 0 00:01:09 4
b. Use the show bgp ipv4 unicast
and show bgp ipv6 unicast
commands to view the specified BGP tables. Note that R1 has multiple paths to each destination network. Take note of the next hop address for the destination networks marked with the “>” symbol.
R1# show bgp ipv4 unicast BGP table version is 9, local router ID is 1.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 192.168.1.0/27 0.0.0.0 0 32768 i *> 192.168.1.64/26 0.0.0.0 0 32768 i * 192.168.2.0/27 10.1.3.3 0 300 500 i * 10.1.3.130 0 300 500 i *> 10.1.2.2 0 0 500 i * 192.168.2.64/26 10.1.3.3 0 300 500 i * 10.1.3.130 0 300 500 i *> 10.1.2.2 0 0 500 i * 192.168.3.0/27 10.1.2.2 0 500 300 i *> 10.1.3.3 0 0 300 i * 10.1.3.130 0 0 300 i * 192.168.3.64/26 10.1.2.2 0 500 300 i *> 10.1.3.3 0 0 300 i * 10.1.3.130 0 0 300 i R1# show bgp ipv6 unicast BGP table version is 9, local router ID is 1.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:DB8:ACAD:1000::/64 :: 0 32768 i *> 2001:DB8:ACAD:1001::/64 :: 0 32768 i * 2001:DB8:ACAD:2000::/64 2001:DB8:ACAD:1014::3 0 300 500 i * 2001:DB8:ACAD:1013::3 0 300 500 i *> 2001:DB8:ACAD:1012::2 0 0 500 i * 2001:DB8:ACAD:2001::/64 2001:DB8:ACAD:1014::3 0 300 500 i * 2001:DB8:ACAD:1013::3 0 300 500 i *> 2001:DB8:ACAD:1012::2 0 0 500 i * 2001:DB8:ACAD:3000::/64 2001:DB8:ACAD:1012::2 0 500 300 i * 2001:DB8:ACAD:1014::3 0 0 300 i *> 2001:DB8:ACAD:1013::3 0 0 300 i * 2001:DB8:ACAD:3001::/64 2001:DB8:ACAD:1012::2 0 500 300 i * 2001:DB8:ACAD:1014::3 0 0 300 i *> 2001:DB8:ACAD:1013::3 0 0 300 i
c. Use the show ip route bgp
and show ipv6 route bgp
commands to view the routing tables. Note that there is only one route to each destination, and that the routes included in the routing table have the same next hop as those with the “>” symbol in the BGP tables.
R1# show ip route bgp | begin Gateway Gateway of last resort is not set 192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks B 192.168.2.0/27 [20/0] via 10.1.2.2, 00:06:20 B 192.168.2.64/26 [20/0] via 10.1.2.2, 00:06:20 192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks B 192.168.3.0/27 [20/0] via 10.1.3.3, 00:06:19 B 192.168.3.64/26 [20/0] via 10.1.3.3, 00:06:19 R1# show ipv6 route bgp IPv6 Routing Table - default - 15 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, H - NHRP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1 ON2 - OSPF NSSA ext 2, a - Application B 2001:DB8:ACAD:2000::/64 [20/0] via FE80::2, GigabitEthernet0/0/0 B 2001:DB8:ACAD:2001::/64 [20/0] via FE80::2, GigabitEthernet0/0/0 B 2001:DB8:ACAD:3000::/64 [20/0] via FE80::3:2, Serial0/1/0 B 2001:DB8:ACAD:3001::/64 [20/0] via FE80::3:2, Serial0/1/0
Part 3: Configure and Verify BGP Communities on all Routers
In Part 3, you will configure BGP communities and various community attributes to see their effect on routing decisions. The way these tools are being used is not meant to represent best practice, but to assess your ability to complete the required configurations.
Step 1: Configure all routers to send community information.
In this step, you will configure all of the routers to support the new-format for exchanging community information and enable sending community information to all neighbors on all routers. A BGP community is a 32-bit number that can be included as a flag or tag in a route. The BGP community can be configured and displayed as two 16 bit numbers AA:NN commonly referred to as new-format. To configure and display using the AA:NN, issue the ip bgp-community new-format
command. The first part of the AA:NN represents the AS number and the second part represents a 2-byte number.
The configuration for R1 is shown below. Use this as an example and complete the configuration on R2 and R3 on your own.
a. Issue the global configuration command that enables configuration and display of community information using the AA:NN format.
R1(config)# ip bgp-community new-format
b. Add a neighbor statement for each neighbor with the send community parameter.
R1(config)# router bgp 6500 R1(config-router)# address-family ipv4 unicast R1(config-router-af)# neighbor 10.1.2.2 send-community R1(config-router-af)# neighbor 10.1.3.3 send-community R1(config-router-af)# neighbor 10.1.3.130 send-community R1(config-router-af)# address-family ipv6 unicast R1(config-router-af)# neighbor 2001:db8:acad:1012::2 send-community R1(config-router-af)# neighbor 2001:db8:acad:1013::3 send-community R1(config-router-af)# neighbor 2001:db8:acad:1014::3 send-community R1(config-router-af)# exit R2(config)# ip bgp-community new-format R2(config)# router bgp 500 R2(config-router)# address-family ipv4 unicast R2(config-router-af)# neighbor 10.1.2.1 send-community R2(config-router-af)# neighbor 10.2.3.3 send-community R2(config-router-af)# address-family ipv6 unicast R2(config-router-af)# neighbor 2001:db8:acad:1012::1 send-community R2(config-router-af)# neighbor 2001:db8:acad:1023::3 send-community R2(config-router-af)# exit R3(config)# ip bgp-community new-format R3(config)# router bgp 300 R3(config-router)# address-family ipv4 unicast R3(config-router-af)# neighbor 10.1.3.1 send-community R3(config-router-af)# neighbor 10.1.3.129 send-community R3(config-router-af)# neighbor 10.2.3.2 send-community R3(config-router-af)# address-family ipv6 unicast R3(config-router-af)# neighbor 2001:db8:acad:1013::1 send-community R3(config-router-af)# neighbor 2001:db8:acad:1014::1 send-community R3(config-router-af)# neighbor 2001:db8:acad:1023::2 send-community R3(config-router-af)# exit
c. At this point, the routers are ready to send community information, but there is no community information available. On R2, issue the command show bgp ipv4 unicast 192.168.2.0/27
, and you will see there is no community information listed.
R2# show bgp ipv4 un 192.168.2.0/27 BGP routing table entry for 192.168.2.0/27, version 4 Paths: (1 available, best #1, table default) Advertised to update-groups: 2 Refresh Epoch 1 Local 0.0.0.0 from 0.0.0.0 (2.2.2.2) Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best rx pathid: 0, tx pathid: 0x0
Step 2: Configure and verify the effect of the no-export community.
In this step, you will configure R3 so that it sets the well-known no-export community value on the updates describing its local networks that are being sent to R1. The effect of this is that R1 will not pass along information about these paths to other eBGP neighbors.
a. On R2, issue the command show bgp ipv4 unicast 192.168.3.0/27
to see to the available BGP paths to 192.168.3.0/27 from R2.
R2# show bgp ipv4 unicast 192.168.3.0/27 BGP routing table entry for 192.168.3.0/27, version 6 Paths: (2 available, best #2, table default) Advertised to update-groups: 2 Refresh Epoch 1 6500 300 10.1.2.1 from 10.1.2.1 (1.1.1.1) Origin IGP, localpref 100, valid, external rx pathid: 0, tx pathid: 0 Refresh Epoch 1 300 10.2.3.3 from 10.2.3.3 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0
b. In this case, note that there are two paths, one directly from R3/ASN300 and the other from R1/ASN6500. This might not be desirable, because it sets ASN6500 up as a transit network. To fix this issue, a prefix list on R3 can be created to match the source address and mask of networks belonging to ASN300.
R3(config)# ip prefix-list LOCAL_NETWORK_COMMSET seq 5 permit 192.168.3.0/24 le 27 R3(config)# ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 5 permit 2001:db8:acad:3000::/64 R3(config)# ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 10 permit 2001:db8:acad:3001::/64
c. Next, build a route map for IPv4 and IPv6 on R3 that uses the prefix list to set the no-export additive community on networks matching the prefix list, and the internet additive community on networks that do not match the prefix list. By default, when setting a community, any existing communities are over-written, but can be preserved using the optional additive keyword.
R3(config)# route-map COMMSET permit 10 R3(config-route-map)# match ip address prefix-list LOCAL_NETWORK_COMMSET R3(config-route-map)# set community no-export additive R3(config-route-map)# exit R3(config)# route-map COMMSET permit 20 R3(config-route-map)# set community internet additive R3(config-route-map)# exit R3(config)# route-map COMMSET_6 permit 10 R3(config-route-map)# match ipv6 address prefix-list LOCAL_6_NETWORK_COMMSET R3(config-route-map)# set community no-export additive R3(config-route-map)# exit R3(config)# route-map COMMSET_6 permit 20 R3(config-route-map)# set community internet additive
d. Next, apply these route maps to the neighbor statements associated with R1.
R3(config)# router bgp 300 R3(config-router)# address-family ipv4 unicast R3(config-router-af)# neighbor 10.1.3.1 route-map COMMSET out R3(config-router-af)# neighbor 10.1.3.129 route-map COMMSET out R3(config-router-af)# address-family ipv6 unicast R3(config-router-af)# neighbor 2001:db8:acad:1013::1 route-map COMMSET_6 out R3(config-router-af)# neighbor 2001:db8:acad:1014::1 route-map COMMSET_6 out
e. Perform a reset of the adjacencies with the outbound traffic to R1 without tearing down the session.
R3# clear bgp ipv4 unicast 6500 out R3# clear bgp ipv6 unicast 6500 out
f. On R2, issue the command show bgp ipv4 unicast 192.168.3.0/27
to see to the available BGP paths to 192.168.3.0/27 from R2. This time, you should not see a path to 192.168.3.0/27 via the next-hop 10.1.2.1. If you use the command show bgp ipv6 unicast 2001:db8:acad:3000::/64
, you will see only one next-hop address, and that is 2001:db8:acad:1023::3.
R2# show bgp ipv4 unicast 192.168.3.0/27 BGP routing table entry for 192.168.3.0/27, version 6 Paths: (1 available, best #1, table default) Advertised to update-groups: 2 Refresh Epoch 1 300 10.2.3.3 from 10.2.3.3 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0 R2# show bgp ipv6 unicast 2001:db8:acad:3000::/64 BGP routing table entry for 2001:DB8:ACAD:3000::/64, version 8 Paths: (1 available, best #1, table default) Advertised to update-groups: 2 Refresh Epoch 2 300 2001:DB8:ACAD:1023::3 (FE80::3:1) from 2001:DB8:ACAD:1023::3 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0
Step 3: Add private community information to routes advertised by R1.
In this step, you will configure R1 so that it adds custom community strings to IPv4 and IPv6 routes that it advertises to R2/ASN500.
a. On R1, create two route maps. One route map will add the community 650:400 to all IPv4 routes advertised to R2/ASN500, and the second route map adds the community 650:600 to all IPv6 routes advertised to R2/ASN500.
R1(config)# route-map ADDCOMM permit 10 R1(config-route-map)# set community 650:400 additive R1(config-route-map)# exit R1(config)# route-map ADDCOMM_6 permit 10 R1(config-route-map)# set community 650:600 additive R1(config-route-map)# exit
b. On R1, apply the appropriate route map to the appropriate R2 neighbor statement.
R1(config)# router bgp 6500 R1(config-router)# address-family ipv4 unicast R1(config-router-af)# neighbor 10.1.2.2 route-map ADDCOMM out R1(config-router-af)# address-family ipv6 unicast R1(config-router-af)# neighbor 2001:db8:acad:1012::2 route-map ADDCOMM_6 out R1(config-router-af)# end
c. On R1, perform a reset of the adjacencies with the outbound traffic to R2 without tearing down the session.
R1# clear bgp ipv4 unicast 500 out R1# clear bgp ipv6 unicast 500 out
e. On R2, verify the community tags are present by issuing the commands show bgp ipv4 unicast 192.168.1.0/27 | i Community
and show bgp ipv6 unicast 2001:db8:acad:1000::/64 | i Community
.
R2# show bgp ipv4 unicast 192.168.1.0/27 | i Community Community: 650:400 R2# show bgp ipv6 unicast 2001:db8:acad:1000::/64 | i Community Community: 650:600
If you run those same commands on R3, you will see that the community tags are present there as well. Because Community is an optional transitive attribute, it is passed on to eBGP neighbors by default.
Step 4: Configure community-based route filtering and manipulation.
In this step, you will configure R3 so that it drops all routes coming from R2 with the 650:400 community attribute. Then configure R3 so that it sets a higher local preference for all routes coming from R2 with the 650:600 community attribute.
a. On R3, create two community lists; one that matches the 650:400 attribute and another that matches the 650:600 attribute.
R3(config)# ip community-list 100 permit 650:400 R3(config)# ip community-list 101 permit 650:600
b. On R3, create a pair of route maps that use the newly created community lists. The first route map will drop routes with the 650:400 community set and permit all others. The second route map will match the community 650:600 and set the local preference value to 250. Routes not matching the community 650:600 will not be modified.
R3(config)# route-map COMMCHECK_4 deny 10 R3(config-route-map)# match community 100 R3(config-route-map)# route-map COMMCHECK_4 permit 20 R3(config-route-map)# exit R3(config)# route-map COMMCHECK_6 permit 10 R3(config-route-map)# match community 101 R3(config-route-map)# set local-preference 250 R3(config-route-map)# route-map COMMCHECK_6 permit 20 R3(config-route-map)# exit
c. On R3, apply the appropriate route map to the appropriate R2 neighbor statement.
R3(config)# router bgp 300 R3(config-router)# address-family ipv4 unicast R3(config-router-af)# neighbor 10.2.3.2 route-map COMMCHECK_4 in R3(config-router-af)# address-family ipv6 unicast R3(config-router-af)# neighbor 2001:db8:acad:1023::2 route-map COMMCHECK_6 in R3(config-router-af)# end
d. Perform a reset of the adjacencies with the inbound traffic to R2 without tearing down the session.
R3# clear bgp ipv4 unicast 500 in R3# clear bgp ipv6 unicast 500 in
e. On R3, verify the IPv4 policy is working. Issue the command show bgp ipv4 unicast 192.168.1.0/27 | i Community
and you will see that there is no output. Follow this with the show bgp ipv4 unicast
command and you will see that there are no paths to the ASN6500 networks via R2. They have all been filtered.
R3# show bgp ipv4 unicast 192.168.1.0/27 | i Community R3# show bgp ipv4 unicast BGP table version is 9, local router ID is 3.3.3.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 192.168.1.0/27 10.1.3.1 0 0 6500 i * 10.1.3.129 0 0 6500 i *> 192.168.1.64/26 10.1.3.1 0 0 6500 i * 10.1.3.129 0 0 6500 i * 192.168.2.0/27 10.1.3.1 0 6500 500 i * 10.1.3.129 0 6500 500 i *> 10.2.3.2 0 0 500 i * 192.168.2.64/26 10.1.3.1 0 6500 500 i * 10.1.3.129 0 6500 500 i *> 10.2.3.2 0 0 500 i *> 192.168.3.0/27 0.0.0.0 0 32768 i *> 192.168.3.64/26 0.0.0.0 0 32768 i
f. On R3, verify the IPv6 policy is working. Issue the command show bgp ipv6 unicast
and note the local preference has been assigned to the ASN500 routes advertised from R2.
R3# show bgp ipv6 unicast BGP table version is 11, local router ID is 3.3.3.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:DB8:ACAD:1000::/64 2001:DB8:ACAD:1023::2 250 0 500 6500 i * 2001:DB8:ACAD:1014::1 0 0 6500 i * 2001:DB8:ACAD:1013::1 0 0 6500 i *> 2001:DB8:ACAD:1001::/64 2001:DB8:ACAD:1023::2 250 0 500 6500 i * 2001:DB8:ACAD:1014::1 0 0 6500 i * 2001:DB8:ACAD:1013::1 Network Next Hop Metric LocPrf Weight Path 0 0 6500 i * 2001:DB8:ACAD:2000::/64 2001:DB8:ACAD:1014::1 0 6500 500 i * 2001:DB8:ACAD:1013::1 0 6500 500 i *> 2001:DB8:ACAD:1023::2 0 0 500 i * 2001:DB8:ACAD:2001::/64 2001:DB8:ACAD:1014::1 0 6500 500 i * 2001:DB8:ACAD:1013::1 0 6500 500 i *> 2001:DB8:ACAD:1023::2 0 0 500 i *> 2001:DB8:ACAD:3000::/64 :: 0 32768 i *> 2001:DB8:ACAD:3001::/64 :: 0 32768 i
Reflection Questions
1. Name the three common well known communities.
The three well-known communities are Internet, No_Advertise and No_Export.
2. When setting a community inside a route map using the set community command, what is the function of the optional “additive” keyword?
By default, using the set community command removes or erases previous community information. The additive keyword preserves previous community information and adds to existing community information.
Router Interface Summary Table
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2 |
---|---|---|---|---|
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
4221 | Gigabit Ethernet 0/0/0 (G0/0/0) | Gigabit Ethernet 0/0/1 (G0/0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
4300 | Gigabit Ethernet 0/0/0 (G0/0/0) | Gigabit Ethernet 0/0/1 (G0/0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.
Device Configs – Final
Router R1
R1# show run Building configuration... Current configuration : 5262 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R1 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success log ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! spanning-tree extend system-id ! redundancy mode none ! interface Loopback0 ip address 192.168.1.1 255.255.255.224 ipv6 address FE80::1:4 link-local ipv6 address 2001:DB8:ACAD:1000::1/64 ! interface Loopback1 ip address 192.168.1.65 255.255.255.192 ipv6 address FE80::1:5 link-local ipv6 address 2001:DB8:ACAD:1001::1/64 ! interface GigabitEthernet0/0/0 ip address 10.1.2.1 255.255.255.0 negotiation auto ipv6 address FE80::1:1 link-local ipv6 address 2001:DB8:ACAD:1012::1/64 ! interface GigabitEthernet0/0/1 no ip address negotiation auto ! interface Serial0/1/0 ip address 10.1.3.1 255.255.255.128 ipv6 address FE80::1:2 link-local ipv6 address 2001:DB8:ACAD:1013::1/80 ! interface Serial0/1/1 ip address 10.1.3.129 255.255.255.128 ipv6 address FE80::1:3 link-local ipv6 address 2001:DB8:ACAD:1014::1/80 ! router bgp 6500 bgp router-id 1.1.1.1 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.1.2.2 remote-as 500 neighbor 10.1.3.3 remote-as 300 neighbor 10.1.3.130 remote-as 300 neighbor 2001:DB8:ACAD:1012::2 remote-as 500 neighbor 2001:DB8:ACAD:1013::3 remote-as 300 neighbor 2001:DB8:ACAD:1014::3 remote-as 300 ! address-family ipv4 network 192.168.1.0 mask 255.255.255.224 network 192.168.1.64 mask 255.255.255.192 neighbor 10.1.2.2 activate neighbor 10.1.2.2 send-community neighbor 10.1.2.2 route-map ADDCOMM out neighbor 10.1.3.3 activate neighbor 10.1.3.3 send-community neighbor 10.1.3.130 activate neighbor 10.1.3.130 send-community exit-address-family ! address-family ipv6 network 2001:DB8:ACAD:1000::/64 network 2001:DB8:ACAD:1001::/64 neighbor 2001:DB8:ACAD:1012::2 activate neighbor 2001:DB8:ACAD:1012::2 send-community neighbor 2001:DB8:ACAD:1012::2 route-map ADDCOMM_6 out neighbor 2001:DB8:ACAD:1013::3 activate neighbor 2001:DB8:ACAD:1013::3 send-community neighbor 2001:DB8:ACAD:1014::3 activate neighbor 2001:DB8:ACAD:1014::3 send-community exit-address-family ! ip forward-protocol nd no ip http server ip http secure-server ! ip bgp-community new-format ! ! route-map ADDCOMM_6 permit 10 set community 650:600 additive ! route-map ADDCOMM permit 10 set community 650:400 additive ! control-plane ! banner motd ^C This is R1, BGP Communities Lab ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 login ! end
Router R2
R2# show run Building configuration... Current configuration : 4624 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R2 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success log ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! spanning-tree extend system-id ! redundancy mode none ! interface Loopback0 ip address 192.168.2.1 255.255.255.224 ipv6 address FE80::2:3 link-local ipv6 address 2001:DB8:ACAD:2000::1/64 ! interface Loopback1 ip address 192.168.2.65 255.255.255.192 ipv6 address FE80::2:4 link-local ipv6 address 2001:DB8:ACAD:2001::1/64 ! interface GigabitEthernet0/0/0 ip address 10.1.2.2 255.255.255.0 negotiation auto ipv6 address FE80::2:1 link-local ipv6 address 2001:DB8:ACAD:1012::2/64 ! interface GigabitEthernet0/0/1 ip address 10.2.3.2 255.255.255.0 negotiation auto ipv6 address FE80::2:2 link-local ipv6 address 2001:DB8:ACAD:1023::2/64 ! router bgp 500 bgp router-id 2.2.2.2 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.1.2.1 remote-as 6500 neighbor 10.2.3.3 remote-as 300 neighbor 2001:DB8:ACAD:1012::1 remote-as 6500 neighbor 2001:DB8:ACAD:1023::3 remote-as 300 ! address-family ipv4 network 192.168.2.0 mask 255.255.255.224 network 192.168.2.64 mask 255.255.255.192 neighbor 10.1.2.1 activate neighbor 10.1.2.1 send-community neighbor 10.2.3.3 activate neighbor 10.2.3.3 send-community exit-address-family ! address-family ipv6 network 2001:DB8:ACAD:2000::/64 network 2001:DB8:ACAD:2001::/64 neighbor 2001:DB8:ACAD:1012::1 activate neighbor 2001:DB8:ACAD:1012::1 send-community neighbor 2001:DB8:ACAD:1023::3 activate neighbor 2001:DB8:ACAD:1023::3 send-community exit-address-family ! ip forward-protocol nd no ip http server ip http secure-server ! ip bgp-community new-format ! control-plane ! banner motd ^C This is R2, BGP Path Communities Lab ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 login ! end
Router R3
R3# show run Building configuration... Current configuration : 6263 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R3 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success log ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! spanning-tree extend system-id ! redundancy mode none ! interface Loopback0 ip address 192.168.3.1 255.255.255.224 ipv6 address FE80::3:4 link-local ipv6 address 2001:DB8:ACAD:3000::1/64 ! interface Loopback1 ip address 192.168.3.65 255.255.255.192 ipv6 address FE80::3:5 link-local ipv6 address 2001:DB8:ACAD:3001::1/64 ! interface GigabitEthernet0/0/0 ip address 10.2.3.3 255.255.255.0 negotiation auto ipv6 address FE80::3:1 link-local ipv6 address 2001:DB8:ACAD:1023::3/64 ! interface GigabitEthernet0/0/1 no ip address negotiation auto ! interface Serial0/1/0 ip address 10.1.3.3 255.255.255.128 ipv6 address FE80::3:2 link-local ipv6 address 2001:DB8:ACAD:1013::3/80 ! interface Serial0/1/1 ip address 10.1.3.130 255.255.255.128 ipv6 address FE80::3:3 link-local ipv6 address 2001:DB8:ACAD:1014::3/80 ! router bgp 300 bgp router-id 3.3.3.3 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.1.3.1 remote-as 6500 neighbor 10.1.3.129 remote-as 6500 neighbor 10.2.3.2 remote-as 500 neighbor 2001:DB8:ACAD:1013::1 remote-as 6500 neighbor 2001:DB8:ACAD:1014::1 remote-as 6500 neighbor 2001:DB8:ACAD:1023::2 remote-as 500 ! address-family ipv4 network 192.168.3.0 mask 255.255.255.224 network 192.168.3.64 mask 255.255.255.192 neighbor 10.1.3.1 activate neighbor 10.1.3.1 send-community neighbor 10.1.3.1 route-map COMMSET out neighbor 10.1.3.129 activate neighbor 10.1.3.129 send-community neighbor 10.1.3.129 route-map COMMSET out neighbor 10.2.3.2 activate neighbor 10.2.3.2 send-community neighbor 10.2.3.2 route-map COMMCHECK_4 in exit-address-family ! address-family ipv6 network 2001:DB8:ACAD:3000::/64 network 2001:DB8:ACAD:3001::/64 neighbor 2001:DB8:ACAD:1013::1 activate neighbor 2001:DB8:ACAD:1013::1 send-community neighbor 2001:DB8:ACAD:1013::1 route-map COMMSET_6 out neighbor 2001:DB8:ACAD:1014::1 activate neighbor 2001:DB8:ACAD:1014::1 send-community neighbor 2001:DB8:ACAD:1014::1 route-map COMMSET_6 out neighbor 2001:DB8:ACAD:1023::2 activate neighbor 2001:DB8:ACAD:1023::2 send-community neighbor 2001:DB8:ACAD:1023::2 route-map COMMCHECK_6 in exit-address-family ! ip forward-protocol nd no ip http server ip http secure-server ! ip bgp-community new-format ip community-list 100 permit 650:400 ip community-list 101 permit 650:600 ! ip prefix-list LOCAL_NETWORK_COMMSET seq 5 permit 192.168.3.0/24 le 27 ! ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 5 permit 2001:DB8:ACAD:3000::/64 ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 10 permit 2001:DB8:ACAD:3001::/64 ! route-map COMMCHECK_4 deny 10 match community 100 ! route-map COMMCHECK_4 permit 20 ! route-map COMMCHECK_6 permit 10 match community 101 set local-preference 250 ! route-map COMMCHECK_6 permit 20 ! route-map COMMSET_6 permit 10 match ipv6 address prefix-list LOCAL_6_NETWORK_COMMSET set community no-export additive ! route-map COMMSET_6 permit 20 set community internet additive ! route-map COMMSET permit 10 match ip address prefix-list LOCAL_NETWORK_COMMSET set community no-export additive ! route-map COMMSET permit 20 set community internet additive ! control-plane ! banner motd ^C This is R3, BGP Communities Lab ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 login ! end