CCIE R&S Advanced Technologies Class v4.5

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 06m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 17m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 02m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:14	In our next section for BGP here, we're gonna look at another alternative
0:00:18	to either full mesh of iBGP peerings or route reflection,
0:00:22	which is BGP confederations.
0:00:25	Now, essentially, BGP confederations are when we take the entire autonomous system,
0:00:31	and we split it down into smaller manageable sub-autonomous systems.
0:00:36	So, we could think of this as the same type of logic
0:00:38	as we have clusters in route reflection,
0:00:41	but based on the normal loop prevention mechanisms of EBGP,
0:00:47	we're combining the same logic of smaller more manageable parts of the autonomous system,
0:00:52	and the loop prevention mechanism based on the autonomous system path.
0:00:58	Now, with confederation,
0:01:00	any type of BGP relationship inside of the sub-AS
0:01:04	is still gonna fall under the requirement of having either a full mesh of peerings,
0:01:08	or route reflection.
0:01:11	The change in confederation
0:01:13	is going to be for any updates that are exchanged between the sub-AS's,
0:01:18	between what is now known as the confederation EBGP peers.
0:01:23	Now, additionally, from devices outside of the confederation,
0:01:27	they do not know about the internal structure,
0:01:29	because the sub-autonomous system numbers will be stripped from the advertisements
0:01:34	as they go to the true EBGP peers,
0:01:37	or someone who is outside of our AS,
0:01:39	and not part of the confederation.
0:01:43	In the vast majority of implementations for confederation,
0:01:47	we would see that the private autonomous system numbers,
0:01:50	which are the last 1024 addresses in the range would be used,
0:01:55	but technically, you could use any value.
0:01:58	The reason generally that the private AS range is used
0:02:02	is to make sure that we do not receive updates from the global Internet
0:02:05	where the autonomous system matches our sub-AS number.
0:02:10	So, for example, if I were to define my sub-AS number as 100,
0:02:14	what essentially mean that any real updates coming from AS 100 on the Internet
0:02:19	would not be able to be received in that sub-AS.
0:02:24	Because instead of using the clustered list
0:02:26	that we were using for the route reflectors,
0:02:29	we're simply using the autonomous system path in order to prevent the loops.
0:02:34	Now, the configuration for the confederation is pretty straightforward.
0:02:39	We have just a couple new commands that we need to add on,
0:02:42	where when we initialize the BGP process to begin with,
0:02:45	we're now gonna specify the sub-autonomous system number
0:02:49	as opposed to the global autonomous system number.
0:02:54	Within the scope of the lab exam,
0:02:56	this would mean that we need to determine whether or not we're gonna do confederation
0:03:01	before we start any of our BGP configs.
0:03:05	Otherwise, we could get an hour to our BGP configuration,
0:03:08	and then realize we need to go back in and delete all the previous work
0:03:12	because we need to change the global autonomous system number
0:03:15	to the sub-autonomous system number.
0:03:19	So again, our first step is to initialize the BGP process with the sub-AS number,
0:03:24	then, to tell the process what is the actual global autonomous system number
0:03:29	that the confederation is part of.
0:03:31	So, we could say for example, Router BGP 65.0.0.1
0:03:36	as our sub-AS number.
0:03:38	Then, the BGP configuration ID would be 100,
0:03:41	where 100 is our publicly registered address with IANA.
0:03:47	Now, additionally,in order to...
0:03:49	tell the difference between a true EBGP peer,
0:03:53	and a confederation EBGP peer,
0:03:55	any routers on the edge of the sub-AS
0:03:58	will need to specify which of their direct neighbors
0:04:02	are confederation peers versus true EBGP peers.
0:04:07	Now, the key with this third command, BGP confederation peers,
0:04:11	it only needs to be configured on the sub-autonomous system edge
0:04:16	and only for the sub-autonomous systems that we are directly peering with.
0:04:20	Now, if we were to look at this within the scope of our diagram,
0:04:25	we're gonna take AS 100
0:04:27	and split it into a few smaller sub-AS's.
0:04:32	We'll say that between routers 1, 4, and 6,
0:04:37	this is going to be made up of AS 65.1.4.6.
0:04:43	Then, between routers 3,
0:04:47	switch 1, and switch 3,
0:04:51	we'll say that this is going to be 65.3.7.9.
0:04:56	Between router 5,
0:04:59	switch 2, and switch 4,
0:05:02	we'll say this is As 6500, or 65,000.
0:05:07	So, the actual values that we're using are fairly arbitrary.
0:05:11	As long as they're not overlapping multiple times within our main autonomous system,
0:05:16	because now, the inter-confederation communication,
0:05:19	the routes that are advertised from 3 to 5,
0:05:22	from 5 to 1, from 1 to 3,
0:05:25	these are gonna use the sub-autonomous system number
0:05:29	pre-pended on to any of the routes
0:05:31	in order to prevent the case
0:05:33	where a route comes in from BB1 to router 6,
0:05:38	6 sends it to 1, 1 sends it to 3, 3 sends it to 5, and then 5 sends it back to 1.
0:05:46	Now, we would see in the actual updating procedure
0:05:49	that router 5 will return the update to router 1,
0:05:54	but once router 1 receives this inbound,
0:05:56	since its own autonomous system is in the path,
0:05:59	the update is gonna be denied.
0:06:03	So, we end up in the same logic as we did with the
0:06:05	multiple clusters for route reflection,
0:06:08	where the actual exchange of the control plane
0:06:11	is still independent of the forwarding in the data plane.
0:06:15	Because again, regardless of what type of iBGP peers we're using,
0:06:20	whether that these are...
0:06:23	regular iBGP peers,
0:06:25	a route reflector's client, a route reflector's non-client,
0:06:28	or confederation EBGP peers,
0:06:31	we're never going to automatically modify the next hop value
0:06:34	unless we manually tell the router next hop self,
0:06:38	or we manually use a route map in order to modify the next hop.
0:06:45	So, in our design here with the different sub-AS's,
0:06:48	it means that when BB1 sends a route to 6,
0:06:51	6 passes it to 1, 1 sends it to 3, 3 sends it to 5,
0:06:56	5 should still see the next hop value
0:06:59	as the peering address between router 6 and BB1.
0:07:04	This would then allow the internal network to use the shortest IGP path
0:07:09	in order to get to the network edge.
0:07:12	So again, the key with the BGP actual routing of the traffic
0:07:17	is that it ultimately is dependent on IGP.
0:07:20	BGP is used as just a control plane mechanism to exchange the prefix and the next hop.
0:07:26	It's ultimately up to IGP to figure out how we route towards the next hop,
0:07:31	which then ultimately affects
0:07:34	what the exit point is out of our network.
0:07:40	Now, to implement this confederation,
0:07:42	this would the assume that we would have to remove
0:07:45	our previous configuration for BGP,
0:07:47	and re-initialize the BGP process with the new sub-autonomous system numbers.
0:07:53	So first, let's start on router 1,
0:07:56	where I have previously removed the BGP 100 config.
0:08:03	So, on router 1, we'll say Router BGP 100.
0:08:06	Actually, excuse me, not Router BGP 100.
0:08:09	Router BGP 65146, where this is the sub-autonomous system number.
0:08:18	The BGP confederation identifier is 100.
0:08:23	We are going to peer with router 4
0:08:28	in our same autonomous system, which is AS...
0:08:32	now, 65146.
0:08:34	And router 6,
0:08:38	we're going to peer with router 5
0:08:43	who is in 65000.
0:08:47	And router 3
0:08:53	who is in AS 65...
0:08:57	65379.
0:09:00	Now again, whether we use the physical address, or whether we use the loopback,
0:09:04	it's really not gonna make a difference
0:09:06	because the ultimate routing of traffic is still gonna be based on the next hop
0:09:10	that is for the external link
0:09:12	out of the network.
0:09:14	We're only gonna rely on the internal information if we're modifying the next hop value
0:09:18	to be something that's already part of our internal IGP path.
0:09:25	Now, since router 1 is peering with these other two sub-autonomous systems,
0:09:30	it implies that these have to be part of the BGP confederation peers list.
0:09:36	So, the confederation peers are 65000 and 65379.
0:09:44	From router 4 and 6's perspective,
0:09:47	since they are not going to directly peer with router 5 and router 3,
0:09:51	they will not need to specify who the confederation peers are.
0:09:56	It's only the devices that have to direct
0:09:59	confederation EBGP peerings that need to specify this command.
0:10:04	Now, it's really not going to affect anything if we add this command on 4 and 6.
0:10:07	It's just extra config that does not need to be in the...
0:10:11	the configuration, just extra commands.
0:10:15	So now, on router 4 and 6,
0:10:18	BGP 100. Actually, not BGP 100.
0:10:21	BGP 65146.
0:10:26	The BGP confederation ID is 100.
0:10:30	We are peering with...
0:10:33	router 1.
0:10:34	So, 155.28.146.1
0:10:39	who is in our same sub-AS.
0:10:43	I'm also peering with the...
0:10:48	backbone router 204.12.28.254.
0:10:55	Remote AS...
0:11:00	Remote AS 54.
0:11:03	And if we look at the Show IP EIGRP Interfaces,
0:11:08	I do have EIGRP enabled on...
0:11:12	Or I should have EIGRP enabled on that particular link.
0:11:15	If we Show IP...
0:11:19	Route Connected, this is Fast Ethernet 0/0.
0:11:24	And under the EIGRP process,
0:11:31	I do have a network statement for that link.
0:11:34	So, this means that when router 4 address these EBGP routes into the iBGP network,
0:11:40	we're not gonna need to modify the next hop value,
0:11:42	because the exit points
0:11:44	are already advertised into IGP.
0:11:49	So, let's look at our final configuration here, Show Run Section Router BGP.
0:11:54	We're peering with router 1 internal to our topology, and we're peering with the...
0:12:00	external neighbor. So, router 6 is essentially gonna say the same thing.
0:12:06	It's also peering with its external neighbor,
0:12:09	which is 54.28.1.254.
0:12:22	Next, we need the peerings between routers 3, switch 1, and switch 3.
0:12:31	Where on router 3, this is gonna be BGP 65379
0:12:36	with the BGP confederation ID of 100.
0:12:40	Its BGP confederation peers will be both router 1 and 5,
0:12:45	therefore, we have 65146 and 65000.
0:12:53	Our internal neighbors are 155.28.37.7,
0:13:01	which is switch 1.
0:13:07	And 79.9 which is switch 3.
0:13:13	So again, this could be the loopback interfaces.
0:13:16	It doesn't really matter what the values are as long as its something that we agree
0:13:20	on the TCP transit path towards.
0:13:24	So, when I do a traceroute
0:13:27	that goes to 155.28.79.9,
0:13:32	I'm sourcing this from my 37.3 address.
0:13:36	So, that means that's what both switch 1
0:13:39	and switch 3 would need to use on the return path.
0:13:45	On switch 1, we'll say, Router BGP 65379.
0:13:50	BGP configuration ID is 100.
0:13:54	And we are peering with 155.28.37.3
0:13:59	who is part of...
0:14:02	remote AS's the same as ours.
0:14:09	Switch 3 will essentially have the same identical config.
0:14:15	Notice that in some of these new versions,
0:14:18	path MTU discovery is automatically on for BGP.
0:14:22	This would prevent any cases where we have MTU values
0:14:26	that are lower on parts of the topology
0:14:29	versus other ones.
0:14:31	So, maybe on our Ethernet interfaces, we have 1500,
0:14:34	but then, we're doing some sort of maybe GRE tunneling, or IP Sec tunneling
0:14:38	that's gonna lower the maximum segment size for TCP,
0:14:43	we would wanna make sure that the TCP control plane
0:14:45	knows what the minimum MTU along that path is.
0:14:49	So, this is path MTU discovery from the router itself, not from an end client.
0:15:01	Then, on router 5, we're gonna have BGP 65000.
0:15:05	Our BGP confederation ID is 100.
0:15:09	Our BGP confederation peers,
0:15:13	our 65146 and 65379.
0:15:17	I'm peering with router 1
0:15:22	who is in 65146.
0:15:26	And router 6 who is in 65379.
0:15:31	So again, as you can tell,
0:15:32	a lot of this BGP is very configuration intensive.
0:15:35	So, it would make sense to have some sort of list
0:15:38	of the peerings to make sure that we're configuring all of the neighbor statements properly.
0:15:45	Then, router 5 is gonna peer with...
0:15:47	switch 2
0:15:51	in 65000,
0:15:54	and switch 4,
0:15:57	which is 108.10.
0:16:03	Switch 2 and 4, we'll have an identical configs.
0:16:06	65000 is the sub-AS.
0:16:09	The real AS is 100.
0:16:14	We're peering with router 5's address.
0:16:21	Remote AS 65000.
0:16:30	Then, I can take the same identical config and put it on to switch 4.
0:16:37	Now, one other thing to note about the confederation EBGP peers
0:16:41	from 1 to 5, from 5 to 3, and from 1 to 3,
0:16:46	since this technically counts as an EBGP peering,
0:16:49	it would also imply that the Time To Live of the packet is 1.
0:16:55	So, if router 1 and router 3 are multiple hops away,
0:16:57	we would need to have the EBGP multi-hop command.
0:17:06	So now, let's look at all of our EBGP peerings. Let's say...
0:17:09	on everyone, Show...
0:17:13	Show IP BGP Summary.
0:17:20	And our final peerings...
0:17:26	should look like this, where we have 3 to switch 1, 3 to switch 3,
0:17:31	3 to 1,
0:17:33	1 to 4 and 6,
0:17:36	1 to 5,
0:17:37	5 to 3,
0:17:40	then, 5 to...
0:17:43	switch 4 and switch 2.
0:17:46	Now, notice inside the sub-autonomous systems with my configuration so far,
0:17:50	I did not configure routers 1, 3, and 5 as route reflectors.
0:17:55	So, what this would mean is that if switch 3 generates a BGP update,
0:18:01	it would not be received by switch 1.
0:18:05	Because from router 3's perspective, both of these neighbors are regular iBGP peers.
0:18:10	Unless router 3 were a route reflector,
0:18:12	it would not be able to exchange those updates between those neighbors.
0:18:18	Now, if I did want to exchange updates from switch 1 to switch 3,
0:18:21	I have two options.
0:18:23	Either I could directly peer them,
0:18:26	or I could configure router 3 as a route reflector.
0:18:31	But without either the requirement of the full mesh or the route reflection,
0:18:35	we could potentially have an incomplete exchange of the routing updates.
0:18:42	Then lastly, we'll have a peering between router 2 and 5,
0:18:45	and router 3 and 2.
0:18:54	On router 3, we see, we have the peerings of switch 1...
0:18:59	and switch 3, so I'm missing a couple here.
0:19:08	This would be router 1
0:19:10	who is in 65146.
0:19:15	Router 5
0:19:16	who is in...
0:19:19	65000.
0:19:22	And router 2
0:19:25	who is in 200.
0:19:43	Router 1 has the peering to 3,
0:19:46	but then, the peerings to 4 and 6 are not up.
0:19:49	So, next thing I would wanna check is
0:19:51	do the neighbor statements match on the other end of the link?
0:19:54	From 4 and 6,
0:19:57	Show IP BGP Summary.
0:19:59	I have the neighbor statement there, but notice it's the wrong address.
0:20:01	So, I put it 25 instead of a 28.
0:20:05	As you can see, this is definitely a key point
0:20:07	that we need to verify that all of the peerings are working
0:20:11	before we move on to any of the other configuration.
0:20:14	Because a minor mistake, just a one-digit typo here,
0:20:18	it's gonna have a large effect on the operation of the network.
0:20:22	So, I don't wanna be peering with that address.
0:20:26	This should instead... Actually, no. That was the correct one.
0:20:33	I don't wanna peer with...
0:20:37	that address.
0:20:42	Instead, this should be 155.28.146.1
0:20:50	Then the same thing on router 6.
0:20:59	Now, you can notice if I put the wrong autonomous system number in there,
0:21:04	the parser is gonna tell me what the value is configured.
0:21:06	So, this way, you wouldn't have to conitnue with the reference, the configuration.
0:21:10	If you forgot what the value is,
0:21:13	you can just type in any random number
0:21:14	and it's gonna spit back what the configured value is.
0:21:19	So, now, let's check on router 1, let's look at the Show IP BGP Summary again.
0:21:23	It says that all of its peers are up.
0:21:26	Then router 5, if we Show IP BGP Summary,
0:21:30	it's peering with 1, 3, switch 2 and switch 4, which is correct.
0:21:36	In addition to...
0:21:41	router 2. So, 155.28.0.2 Remote AS 200
0:21:57	So, now, it looks like all of the peerings are up.
0:22:01	The next thing we would need to do is look at the actual exchange of the updates.
0:22:06	I wanna know when router 6 is learning an update in from AS 54.
0:22:14	Is this properly being replicated to 1?
0:22:17	And then from 1 to the other sub AS's,
0:22:22	down to the individual peers of the sub AS's,
0:22:27	is this then going to AS 200.
0:22:31	And when these updates reach AS 200,
0:22:34	is the sub AS autonomous system path list stripped?
0:22:40	This means that from router 2's perspective,
0:22:41	it should not see 65379, 65146 or 65000 in the AS path list.
0:22:49	From 2's perspective, anything that was originated in AS 54
0:22:53	should have an AS path list that reads 100 54
0:23:00	Only inside of the confederation
0:23:03	will those devices know what the sub-autonomous system numbers are.
0:23:08	If we look at router 2 and Show IP BGP,
0:23:14	we see that we do have the prefixes that were originated in AS 54.
0:23:21	But none of the sub AS numbers are listed.
0:23:25	Also we can see we're learning these updates both from router 5 and from router 3.
0:23:35	Inside the sub AS's, if we were to look at switch 1 and Show IP BGP,
0:23:43	we see inside parenthesis, what are the particular sub-autonomous systems
0:23:50	that that path is passing through.
0:23:54	If we were to look at this on the edge of the sub AS's,
0:23:58	we see multiple possible paths.
0:24:00	Router 3 is saying, "To get to AS 54, I have two routes."
0:24:06	One of them could go to router 1.
0:24:09	One of them could go to router 5 and then to AS 65146.
0:24:15	In which case, we're gonna pick the shorter autonomous system path.
0:24:24	Now, there are a few commands that are related to the best path selection
0:24:28	that are specific to confederation designs as opposed to the regular configurations.
0:24:34	And also a special community attribute that is specific to the confederations.
0:24:41	If we look under the BGP configuration, BGP AS 651 or 65379,
0:24:52	If we look at the BGP sub commands,
0:24:56	there's a couple of things that would be important to point out here.
0:25:01	One of them is the...
0:25:10	BGP best path med confed,
0:25:16	which would say that between our confederation peers,
0:25:20	we could compare the multi-exit discriminator
0:25:24	to figure out which particular path that we would choose.
0:25:28	Also under the community attributes, if we were to configure a route-map that says,
0:25:37	Set Communities
0:25:40	If we set the community that is local AS,
0:25:47	which is also sometimes known as No Export Sub Confed,
0:25:52	this means that prefixes inside the community local autonomous system,
0:25:56	will not go outside of the sub-autonomous system.
0:26:00	Whereas inside confederation, any prefix that is tag with no export,
0:26:05	would be advertised between the confederation EBGP peers,
0:26:10	but not the true EBGP peers.
0:26:15	Now, from our particular design, if we were to say
0:26:20	that as I receive an update in from BB1,
0:26:26	If I were to set this to be No Export,
0:26:31	and assuming that I am actually exchanging the community attributes between all the neighbors,
0:26:35	it would mean that this update could go from 6 to 1,
0:26:39	1 to 3, 3 down to switch 1 and switch 3.
0:26:44	1 to 5, 5 down to switch 2 and switch 4.
0:26:48	But routers 5 and 3 would not send this to 2.
0:26:54	So, no export will say, "Do not advertise the prefix to our true EBGP peer."
0:27:00	But we can advertise it between confederation EBGP peers.
0:27:06	The community local autonomous system
0:27:08	would say that as router 6 is receiving the prefix,
0:27:12	if we were to send this, set this to local AS,
0:27:17	the update could go to router 1 and to router 4,
0:27:20	but 4 would not send it to BB3.
0:27:23	Router 1 would not be able to send it to 5 or 3.
0:27:30	So, effectively, it depends on whether we want the prefix to be constrained to the entire confederation
0:27:36	or just that individual sub-autonomous system.
0:27:40	For configurations that do not relate to confederation,
0:27:43	local AS and No Export would behave the same.
0:27:48	It's only when we're dealing with confederations
0:27:50	that there's a difference between local AS and No Export.
0:27:57	So, if we look at our full configuration here, let's say,
0:28:01	Show Run Section Router BGP,
0:28:12	for devices that are not peering with other sub-autonomous systems,
0:28:17	we do not need to specify the BGP confederation peers.
0:28:21	From router 6's perspective, it has a true EBGP peer, which is AS 54.
0:28:27	And a confederation iBGP peer, which is router 1.
0:28:33	Since our autonomous system matches router 1's,
0:28:36	that's treated as normal iBGP.
0:28:40	However from router 1's prespective,
0:28:44	since it has 65146 as the local autonomous system,
0:28:51	these two neighbors then would be treated aas iBGP peers.
0:28:57	These two neighbors would be treated as EBGP peers.
0:29:01	Unless we specify that they are really part of the confederation.
0:29:07	This is why the BGP confederation peers command
0:29:10	is required on the edge of the sub autonomous system
0:29:14	because techincally the number values of the AS's are arbitrary.
0:29:20	We could use any values for the sub-autonomous sytem.
0:29:24	It's just typical that the private autonomous system numbers are used
0:29:27	to prevent the case where an actual update from the BGP network
0:29:32	would be denied from the confederation.
0:29:36	So, we're assuming that no one in the public Internet is actually gonna use 65146.
0:29:41	That's why it's part of the confederation.
0:29:42	But I could just easily say that this is AS 1000.
0:29:47	But then it would mean I would not be able to receive updates from someone who is actually is in AS 1000.
0:29:56	Again, if we look at teh autonomous system path for any of these prefixes,
0:30:02	the ones that are passing through confederation
0:30:05	will have the sub autonomous systems inside of parenthesis.
0:30:10	If I were to look for the AS path and try to match the confederation list
0:30:18	with a regular expression, it would then mean
0:30:20	I need to match the characters open parenthesis and close parenthesis.
0:30:26	The way we could do this, is inside the regular expression.
0:30:30	If I were to say Show IP BGP Regular Expression.
0:30:35	And look for anything that has the open parenthesis and close parenthesis.
0:30:47	This by default is going to match everything
0:30:51	because the parenthesis are used as a mathematical grouping.
0:30:55	So I need to match the literal characters open parenthesis and close parenthesis.
0:30:59	The way that we do this is first by escaping the character with the backslash \.
0:31:04	So if I say backslash open parenthesis backslash close parenthesis ,
0:31:08	then inside of there, I have any numbers.
0:31:12	So, I could say dot-star $.*$ inside of there,
0:31:17	this would be anything that is learned from my confederation peers.
0:31:24	Because I need to match the literal characters open parenthesis and close parenthesis.
0:31:33	For a reference on this characters,
0:31:35	it's not very obvious where this is located in the documentation.
0:31:39	If we go to the 12.4 T configuration guide,
0:31:43	then all the way down to the end under the terminal services,
0:31:55	under the appendix is regular expressions.
0:32:00	So, this document is useful to figure out what are the single character patterns.
0:32:08	Or it says the dot is any single character.
0:32:11	The backslash is for escaping.
0:32:14	A character, escaping special characters.
0:32:17	So, if I wanted to match an actual dot, I would need to say backslash dot.
0:32:23	If I want to match the parenthesis, I would need to say backslash parenthesis.
0:32:28	The open-close brackets, those are gonna be a range of numbers.
0:32:33	So, if I said, open brackets 0-9 close brackets,
0:32:37	it would mean a range of numbers 0 through 9.
0:32:42	Caret is the beginning of the string, dollar sign is the end of the string.
0:32:46	Question mark is 0 or 1 of the previous pattern,
0:32:51	where plus is 1 or more.
0:32:54	And asterisk is 0 or more.
0:32:58	So, we'll get in to more examples of regular expressions later when we get into best path selection.
0:33:04	But the keypoint being here that for confederation,
0:33:07	the AS path information is constrained inside the parenthesis.
0:33:11	So, anytime we wanna match that in a regular expression,
0:33:13	we would have to match teh literal character open and close parenthesis.
0:33:21	Again, that previous document that we looked at the BGP case studies,
0:33:26	you'll also see some examples of the confederations here
0:33:28	if you search for BGP case studies.
0:33:37	Then here, the route reflection, we have the BGP confederations.
0:33:43	So, as you can see, from their diagram, it's fairly similar to the route reflection.
0:33:47	The only difference is that instead of using the cluster list for the loop prevention,
0:33:53	we're now using the autonomous system path
0:33:56	that is exchanged between the confederation EBGP peers.
0:34:01	Now, if I were to go to router 5, and look at the Debug IP BGP Updates,
0:34:10	then I will say, actually, let's look at this on 1, 3, and 5.
0:34:16	Debug IP BGP Updates.
0:34:25	Then on router 6,
0:34:29	I'll do a hard clear of the remote neighbor, Clear IP BGP 54.28.1.254.
0:34:38	This is gonna cause a withdraw message of the previous advertisements that router 6 was doing.
0:34:44	Then once the neighbor comes back, it's gonna have a new update message being generated.
0:34:49	If I were to look at router 5 or router 3,
0:34:52	what eventually we're going to see...
0:34:59	is actually that router 1 must be choosing router 4. Let's say Show IP BGP...
0:35:06	Which it is. I'll need to do this clear on router 4. Let's say Clear IP BGP 204.12.28.254.
0:35:16	This causes router 1 to receive a withdraw message.
0:35:33	So, the first thing that happens, router 4 says,
0:35:35	"I no longer have a route to these prefix, I'm sending a withdraw."
0:35:40	This means that we need to remove them from the BGP table.
0:35:44	It says, "I'm now updating the routing table with the alternate path."
0:35:48	Which is via 54.28.1.254
0:35:51	This also means that I now need to change my BGP advertisement.
0:35:55	So, router 1 is gonna send an update.
0:35:59	It says that the prefix is this. The next hop is this value.
0:36:04	And this is going out to router 5.
0:36:07	When it is received by 5, 5 is gonna send the update
0:36:15	to 3.
0:36:17	3 is gonna send it back to 1.
0:36:21	Because there's nothing preventing the loop of the actual advertisement of the update.
0:36:25	However, once router 1 receives this back inbound,
0:36:29	it says, "From router 3, I'm receiving updates that have my own autonomous system in the path."
0:36:37	Which is AS 65146
0:36:42	So, I now know when these updates come in from router 3, I need to discard those.
0:36:46	Then likewise, the same thing would occur when we're receiving the updates in from 5.
0:36:50	The update goes from us to router 3 then to router 5.
0:36:57	So, we see from our autonomous system to router 3 to router 5,
0:37:01	we are receiving this back inbound
0:37:03	but we're now gonna filter them out because they contain our own autonomous system path.
0:37:11	So, as long as the routers on the edge of the sub AS
0:37:15	agree on who their confederation EBGP peers are.
0:37:20	Then the AS path information automatically should be correctly built
0:37:26	and will prevent loops between the sub autonomous sytems.
0:37:31	From any device outside of the AS, like on router 2,
0:37:35	there's no special configuration on their BGP process.
0:37:38	So, rotuer 2 does not know that either 5 or 3 are in confederation.
0:37:42	They simply see in the update messages the AS number 100
0:37:48	coming from any of these neighbors.

Now Viewing

CCIE R&S Advanced Technologies Class v4.5
Title:	CCIE R&S Advanced Technologies Class v4.5
Duration:	81h 02m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
	Sign Up
Download this Course
$299.00	Add to Cart

BGP Confederation

Create Bookmark