Junos Basics - Configuring BGP

I’m stuck deep in Junos these days.  I mean deep.  I have an F5 load balancer and an ASA 5520; the rest of my stuff is Juniper.  That means I have some learning to do.

Here’s one of the basics in Junos - configuring BGP.  I guess I’ve always said that BGP is BGP.  How much different can it be from IOS?  Well, the end result is the same, but it’s different enough to have to look up how to do it.  :)  The first difference is the fact that all BGP configuration is done with groups just like peer groups in IOS.  You can act like you’re configuring neighbors, but there’s no way around using groups.  After going back and forth, I just settled on a group for eBGP neighbors and another for iBGP neighbors.  If settings are different, I just set them in the neighbor.  Here’s an example of that.

VRF-Aware IPSec Tunnels

Man, time is hard to come by of late.  I’ve had so little time to rest that it’s hard to get my thoughts together.  It’s a good thing in this case, though, since it’s my fantastic job that’s taking all my time.  It’s great to see new networks and learn their internals…especially when they were designed by some long-time CCIEs who actually knew what they were doing.

One of the big things that I’m dealing with lately is VRFs.  I’ve implemented some VRF-lite stuff, but I’ve never had any practical experience with the full force of them.  I’m definitely learning here.  Since the blog here is really about my sharing what I’ve learned, let’s go through something that came up recently - terminating VPNs on one VRF while passing traffic to another.

BGP Notes - Backdoor Routes

BGP Notes - Confederations

BGP Notes - Route Reflectors

BGP Notes - Synchronization

BGP Notes - Authentication

BGP Notes - Path Decision

This is required blogging…and reading for that matter.  A good chunk of this is taken from my CCNP posts from last year.  Corrections, please.


How does a BGP router decide which BGP route is the best?

Next-hop : Does the router have a route to the next-hop?

Weight : This is a numeric value where bigger is better.  Weight is not passed on to other peers and is a Cisco proprietary feature.

BGP Notes - Path Attribute Categories

Make my corrections!  Please!

Well-known mandatory : These PAs must be recognized by all BGP routers and passed along to other peers.

Well-known discretionary : These PAs do not need to be in every update, but they must be recognized by all BGP routers.

Optional transitive : These PAs don’t have to be recognized but they must be passed along to other BGP peers if they are present in an update.

BGP Notes - Message Types

Correct me, please.

Open : When a neighbor is configured, the router sends an open to that neighbor to get the ball rolling.

Destination:  The neighbor's configured IP
Important fields:
  My AS

Update : The routing information

Destination:  The neighbor's configured IP
Important fields:
  Advertised network
  Path attributes

Keepalive : Sent every 60 seconds by default

Destination:  The neighbor's configured IP
Important fields:
  Nothing, really

Notification : When something is amiss, the router sends a notification message.  The receiver then closes the connection.

BGP Notes - Neighbor States

Corrections appreciated.

Idle : There is no relationship, but the router sends out a TCP SYN to the neighbor to get the ball rolling.

Idle (admin) : The neighbor is admined down.

Connect : The router is waiting for the TCP connection to finish.  If the TCP connection finishes, the router sends an open and transitions to OpenSent.  If it times out, it transitions to Active.

Active : The router tries to initiate a TCP connection.  If the TCP connection finishes, the router sends an open and transitions to OpenSent.

Routing IPv6 with BGP - The Basics

Are you sensing a theme lately?  Since we covered the basics of the main IGPs (I’m an enterprise guy, so no IS-IS comments, please.), I thought I’d try to describe the basics of advertising IPv6 routes over BGP.  Yet again, we’re not going to do any route manipulation or change any of the 948284928 BGP attributes.  We’re just trying to get routes exchanged.

Configuration

There’s no new version of BGP for IPv6 here.  It’s the standard BGP version 4 that we’ve all been using for years, but we’re going to take advantage of the multiprotocol support (MPBGP, RFC 4760, which obsoletes RFC 2858).  We’ll get to the differences in a second, but the first thing to do is to set up the BGP process as normal.

Tagging External Routes in EIGRP

EIGRP allows you to tag external routes.  That is, any route redistributed into EIGRP can be tagged with a numeric descriptor from 0 to 4294967295.

ROUTE Notes - Further IGP Redistribution

As always, corrections are requested.

Study Questions

  • I’ve got IGRP and EIGRP both configured with the same AS number.  What’s special about this configuration?

If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.

  • When redistributing one IGP into another, where’s a good place to filter routes?

There’s no one good place, but the router(s) doing the redistribution is a good start.  There’s no need to send an IGP a bunch of routes it doesn’t need.

ROUTE Notes - Controlling BGP

Corrections, please.  I skipped a bunch of BGP intro stuff to get to the juicy center.  I’ll see if I can come back later and finish the other parts for posterity.

Study Notes

  • Is BGP route selection a controversial subject?

Yes.  If you ask 1000 network guys the best way to influence BGP, you’ll probably get 1000 different answers.

  • At what position in the PA list of a BGP update do you find the weight attribute?

You don’t.  Weight is a Cisco-proprietary thing.

Stubby Post - show ip protocols

I’ve seen and used the command before, but I’ve never really seen any use of the show ip protocols command until tonight while reading up for my ROUTE test.  There’s a lot of good information in the output, and, from the way the book is reading, this is a great candidate for use in a lab question.

To check it out a bit, I set up a small network with four routers connected only to a single Ethernet segment.  I set up one router to run EIGRP, OSPF, and BGP to each one of the other routers just so I could see the output for the different routing protocols.  Here’s what puked out after struggling with GNS for a few minutes.

Renesys Analysis of SuproNet Announcement Debacle

Earl Zmijewski of Renesys has an analysis of the SuproNet incident that took down a good bit of the Internet on Monday.  From the blog:

This single Czech provider announcing a single prefix caused a huge increase in the global rate of updates, peaking at 107,780 updates per-second. This peak occurred at 16:30:54 UTC, less than 8 minutes after the first announcement.

ACLs and HSRP, BGP, OSPF, VRRP, GLBP…

Here’s a handy list of ACL entries to allow your devices to speak routing protocols, availability protocols, and some other stuff. We’ll assume you have ACL 101 applied to your Ethernet inbound; your Ethernet has an IP of 192.168.0.1.

  • BGP : Runs on TCP/179 between the neighbors

access-list 101 permit tcp any host 192.168.0.1 eq 179

  • EIGRP : Runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.10

access-list 101 permit eigrp any host 224.0.0.10