Monday, June 18, 2012

Multihoming


Introduction


This lab addresses the problem of a customer's network becoming a transit AS.




Multihoming Topology



Router Configuration:
R1
interface Serial1/0
 ip address 10.10.10.6 255.255.255.252
 serial restart-delay 0
!
router bgp 65010
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.10.10.5 remote-as 65001
 no auto-summary
!

R2
interface Serial1/1
 ip address 10.20.20.6 255.255.255.252
 serial restart-delay 0
!
router bgp 65020
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.20.20.5 remote-as 65001
 no auto-summary
!

R3
interface Loopback0
 ip address 172.16.1.254 255.255.255.0
!
interface Loopback1
 ip address 172.16.2.254 255.255.255.0
!
interface Serial1/0
 ip address 10.10.10.5 255.255.255.252
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.20.20.5 255.255.255.252
 serial restart-delay 0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.2.0 mask 255.255.255.0
 neighbor 10.10.10.6 remote-as 65010
 neighbor 10.20.20.6 remote-as 65020
 no auto-summary


Without filtering, all networks are reachable from routers R1, R2 and R3, so R3 becomes a transit AS between the two service providers.

R1#ping 10.20.20.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.20.20.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/44/76 ms


R2#ping 10.10.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/45/68 ms




Now let's apply filters to prevent the customer AS from advertising networks learned from one ISP to the other.
R3
!
router bgp 65001
 neighbor 10.10.10.6 route-map as65010only in

!--- Incoming policy route-map that filters routes from SP-A.
 neighbor 10.10.10.6 route-map localonly out
!--- Outgoing policy route-map that filters routes to service provider A (ISP-A).
 neighbor 10.20.20.6 route-map as65020only in
!--- Incoming policy route-map that filters routes from SP-B.
 neighbor 10.20.20.6 route-map localonly out
!--- Outgoing policy route-map that filters routes to service provider B (ISP-B).

!
ip as-path access-list 10 permit ^$

!--- as-path access-list 10 (permit ^$) matches only an empty AS path,
!--- which means that the router will only send the prefixes that are
!--- generated locally in AS 65001 and not those from any other AS.
ip as-path access-list 20 permit ^65010$
ip as-path access-list 30 permit ^65020$
!

route-map as65010only permit 10
 match as-path 20
!
route-map as65020only permit 10
 match as-path 30
!
route-map localonly permit 10
 match as-path 10

!
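The as-path access-lists and route-maps filter out anything that is not sourced from the two ISPs on the way in, and anything that is not originated locally in AS 65001 on the way out, so R3 no longer advertises one ISP's networks to the other.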
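
The following is an added example, not part of the original post: a small Python model of R3's as-path filters that shows what R3 would advertise to each ISP with and without the route-maps. The 203.0.113.0/24 route, AS 64500, and the simplified route handling are assumptions made for the illustration.

```python
import re

# AS-path access-lists and route-maps copied from R3's configuration above.
AS_PATH_ACL = {10: r"^$", 20: r"^65010$", 30: r"^65020$"}
ROUTE_MAP = {"as65010only": 20, "as65020only": 30, "localonly": 10}
# neighbor -> (inbound route-map, outbound route-map)
POLICY = {"10.10.10.6": ("as65010only", "localonly"),
          "10.20.20.6": ("as65020only", "localonly")}
LOCAL = ["172.16.1.0/24", "172.16.2.0/24"]  # R3's network statements

# Constructed sample: what each ISP sends R3, as (prefix, AS_PATH seen on R3).
# The /30s come from "redistribute connected"; 203.0.113.0/24 and AS 64500 are
# invented here to stand for a route the ISP learned from somewhere else.
RECEIVED = {"10.10.10.6": [("10.10.10.4/30", "65010")],
            "10.20.20.6": [("10.20.20.4/30", "65020"),
                           ("203.0.113.0/24", "65020 64500")]}

def permits(route_map, as_path):
    """One 'permit 10' clause; anything it does not match hits the implicit deny."""
    if route_map is None:          # no route-map applied to the neighbor
        return True
    return re.search(AS_PATH_ACL[ROUTE_MAP[route_map]], as_path) is not None

def advertised(received, filtered=True):
    """Return {neighbor: prefixes R3 would advertise to it}.

    Simplified model: no best-path selection, and a route is never sent back
    to the neighbor it was learned from. Outbound filters see the AS_PATH
    before R3 prepends 65001, which is why ^$ means 'originated here'.
    """
    table = [(p, "", None) for p in LOCAL]   # (prefix, as_path, learned_from)
    for nbr, routes in received.items():
        rm_in = POLICY[nbr][0] if filtered else None
        table += [(p, path, nbr) for p, path in routes if permits(rm_in, path)]
    result = {}
    for nbr in received:
        rm_out = POLICY[nbr][1] if filtered else None
        result[nbr] = sorted(p for p, path, src in table
                             if src != nbr and permits(rm_out, path))
    return result

if __name__ == "__main__":
    for label, flag in (("without filters", False), ("with filters", True)):
        for nbr, prefixes in advertised(RECEIVED, flag).items():
            print(f"{label:16} -> {nbr}: {prefixes}")
```

Without the filters, the model has R3 passing ISP-B's prefixes to ISP-A and vice versa; with them, each ISP receives only 172.16.1.0/24 and 172.16.2.0/24.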





