Cisco Router Challenge 81
Outline
This challenge involves the configuration of BGP to prevent leakage of
private AS numbers into the Internet. The objectives of this challenge are to:
Commands
# config t
(config)# router bgp 172
(config-router)# neighbor 11.11.11.11 remote-as 64512
(config-router)# neighbor 12.12.12.12 remote-as 311
(config-router)# neighbor 12.12.12.12 remove-private-as
Example
# config t
(config)# router bgp 172
(config-router)# neighbor 11.11.11.11 ?
  activate                Enable the Address Family for this Neighbor
  advertise-map           specify route-map for conditional advertisement
  advertisement-interval  Minimum interval between sending BGP routing updates
  allowas-in              Accept as-path with my AS present in it
  default-originate       Originate default route to this neighbor
  description             Neighbor specific description
  distribute-list         Filter updates to/from this neighbor
  ebgp-multihop           Allow EBGP neighbors not on directly connected networks
  filter-list             Establish BGP filters
  local-as                Specify a local-as number
  maximum-prefix          Maximum number of prefix accept from this peer
  next-hop-self           Disable the next hop calculation for this neighbor
  next-hop-unchanged      Propagate the iBGP paths's next hop unchanged for this neighbor
  password                Set a password
  peer-group              Member of the peer-group
  prefix-list             Filter updates to/from this neighbor
  remote-as               Specify a BGP neighbor
  remove-private-AS       Remove private AS number from outbound updates
  route-map               Apply route map to neighbor
  route-reflector-client  Configure a neighbor as Route Reflector client
  send-community          Send Community attribute to this neighbor
  shutdown                Administratively shut down this neighbor
  soft-reconfiguration    Per neighbor soft reconfiguration
  timers                  BGP per neighbor timers
  translate-update        Translate Update to MBGP format
  unsuppress-map          Route-map to selectively unsuppress suppressed routes
  update-source           Source of routing updates
  version                 Set the BGP version to match a neighbor
  weight                  Set default weight for routes from this neighbor
(config-router)# neighbor 11.11.11.11 remote-as 64512
(config-router)# neighbor 12.12.12.12 remote-as 311
(config-router)# neighbor 12.12.12.12 remove-private-as
Explanation
There are legal (or public) AS numbers and private ones. A private AS number
can be set up when connecting to a single provider. Private AS numbers are in
the range 64,512 to 65,535. Thus the following defines a neighbor in a private AS:
(config-router)# neighbor 11.11.11.11 remote-as 64512
When private AS numbers are assigned, they should not be advertised to the
Internet, as they are not unique. Thus the command:
(config-router)# neighbor 12.12.12.12 remove-private-as
removes all private AS numbers in the range from 64,512 to 65,535 from the
updates sent to 12.12.12.12.
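The effect on the AS path can be checked with a small model. This is an added example, not part of the original challenge: a simplified Python model of the behaviour described above, using this page's AS numbers (172, 64512, 311). The function names and the prefix 192.0.2.0/24 are assumptions made for illustration.

```python
# Added example: simplified model of remove-private-as as this page describes it.
# AS numbers 172, 64512 and 311 are the page's; the prefix is constructed.
PRIVATE_AS_MIN = 64512   # private range as stated on this page
PRIVATE_AS_MAX = 65535


def is_private_as(asn: int) -> bool:
    return PRIVATE_AS_MIN <= asn <= PRIVATE_AS_MAX


def remove_private_as(as_path: list[int]) -> list[int]:
    """Drop every private AS number, keeping the order of the rest."""
    return [asn for asn in as_path if not is_private_as(asn)]


def outbound_update(local_as: int, as_path: list[int], strip_private: bool) -> list[int]:
    """AS path a neighbor receives: optional strip, then the local AS is prepended."""
    path = remove_private_as(as_path) if strip_private else list(as_path)
    return [local_as] + path


def find_leaks(updates: dict[str, list[int]]) -> dict[str, list[int]]:
    """Map each prefix to the private AS numbers still present in its path."""
    leaks = {}
    for prefix, path in updates.items():
        private = [asn for asn in path if is_private_as(asn)]
        if private:
            leaks[prefix] = private
    return leaks


if __name__ == "__main__":
    learned = [64512]  # path of a route learned from neighbor 11.11.11.11
    for strip in (False, True):
        sent = outbound_update(172, learned, strip_private=strip)
        seen_by_311 = {"192.0.2.0/24": sent}  # constructed prefix
        print(f"remove-private-as={strip}: path={sent} leaks={find_leaks(seen_by_311)}")
```

Running `find_leaks` over the AS paths seen at the upstream neighbor is a quick audit that the neighbor statement is doing its job.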
Topology
The basic topology is defined below, where AS1 is connected to E0, AS2 to
S0, and AS3 to S1.