BGP TE

BGP: Traffic Engineering

The goal of this practical is to use a virtual platform developed by Juniper to do traffic engineering by modifying the path taken by packets in an IP network. This practical will also be an opportunity to learn the JunOS operating system used by Juniper routers.

TO DO:

  • Cent-OS A does not have a good configuration of interface eth1:0, which is used for 172.20.0.1
  • zebra and bgpd do not start at boot time on centos A.
  • Give an explanation of filtering 172.16.1/24


Implementation

The network architecture we will use is defined in the following picture:

Archi BGP TE.png

This picture gives an overview of the ASes we will use:

  • AS-200 is the target AS we want to reach. This AS announces a 172.20.0.0/24 prefix to the rest of the world. The goal will be to ping the 172.20.0.1 host.
  • AS-100, AS-101 and AS-102 represent the Internet, made up of several ISPs or Tier-1 providers.
  • AS-B will be the AS you will manage. This AS is multi-homed to two ISPs.

AS 200, 100, 101 and 102 will be common to all the groups. Each group will manage a different AS-B, called AS-B._ where _ is your group number.

The goal of this practical is to modify BGP announcements to force some routes and verify that the network reacts appropriately to your commands.

If we suppose that route selection is based only on AS_PATH length, what should be the route between AS 200 and your AS B?




The following picture describes more precisely the network architecture of your AS-B. Each group will have a similar and independent architecture.


Archi BGP TE2.png

Your AS B is composed of several PE routers:

  • routers B_.1 and B_.2 are peering in BGP with AS-100 and AS-101.
  • routers B_.6 and B_.5 allow your customers to access the Internet. They will use private AS numbers 65001 and 65002.

The other routers are P routers; they run IS-IS as the IGP.

Addressing plan

None of these routers are on Telecom-Bretagne premises. We access them through ssh, using the command ssh root@tb.cloud.juniper.net -p <port>. The following diagram gives the IP addressing plan and the port number you can use to reach each router. We give you all the ports but, to respect the AS principle, you should normally only access the routers in your own AS-B.

Analysis of the existing network

Connect to router B_.1

#ssh root@tb.cloud.juniper.net -p PPPP <- PPPP is the port number of your router B_.1
Welcome to the cloud
password is Clouds
root@tb.cloud.juniper.net's password: Clouds
--- JUNOS 10.3B2.4 built 2010-06-02 01:55:40 UTC
clclroot@vm-b1%

You are connected to a Juniper router. Commands are different from the Cisco commands we saw in previous practicals. In fact, at this point you are connected to a BSD host which supervises your router.

To see that you are on a Unix machine, type a Unix command such as ps

 clclroot@vm-b1% ps



Start the cli application to configure your router (the prompt will change)

root@vm-b1% cli



Display the router configuration and find the part regarding interface configuration

 root@vm-b1.1> show configuration
 


On the following diagram, write the prefixes and their lengths for router B_.1

B1.1.png


BGP

Display BGP peerings

root@vm-b1.1> show bgp summary



How many iBGP and eBGP peerings are there? With how many ASes?





Display BGP announcements

root@vm-b1.1> show route protocol bgp



Indicate on the previous diagram the path taken by these announcements. Why does B_.1 receive two announcements that took the same path?




To which router is a packet to 172.20.0.1 sent? On which interface? What is the IP address of this interface?




show route 172.20.0.1 



ping

Try a ping to 172.20.0.1

root@vm-b1.1> ping 172.20.0.1                    



Does it work? Give an explanation, given that we receive prefixes for that destination in the BGP table.




Try to ping with another IP source address

root@vm-b1.1> ping 172.20.0.1 source 10.1.0.5



Why does it work?




Locate in the configuration file where prefix 172.16._ is filtered

In the BGP configuration we can find the following instructions for peering with the backbone:

       group backbone {
           export to_bgp;
           remove-private;
           neighbor 172.16.1.1 {
               family inet {           
                   unicast;
               }
               peer-as 100;
           }
           neighbor 172.16.51.1 {
               family inet {
                   unicast;
               }
               peer-as 101;
           }
       }

The export statement defines which prefixes are announced to the neighbors in the group. The definition is given by the to_bgp policy-statement found at the end of the configuration file.

   policy-statement to_bgp {
       term 1 {
           from {
               route-filter 10.1.0.0/16 exact;
           }
           then accept;
       }
   }

NOT VERY CLEAR TO ME :-)
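
The following Python sketch is an added example, not part of the original practical or of the router configuration: it models how the to_bgp export policy above is evaluated, including the exact match type and the Junos default BGP export policy that applies when no term matches. The routing-table entries and the local link address 172.16.1.2 are constructed assumptions, and a return path is simplified to "some exported prefix covers the ping source address".

```python
import ipaddress

# Model of the page's to_bgp policy: one term, one route-filter.
# Only the "exact" and "orlonger" match types are modelled here.
TO_BGP = [("10.1.0.0/16", "exact", "accept")]

def route_filter_matches(route, filter_prefix, match_type):
    route = ipaddress.ip_network(route)
    flt = ipaddress.ip_network(filter_prefix)
    if match_type == "exact":
        return route == flt              # same prefix AND same length
    if match_type == "orlonger":
        return route.subnet_of(flt)      # same prefix or any more-specific
    raise ValueError(f"unsupported match type: {match_type}")

def export_decision(route, protocol, policy=TO_BGP):
    """Return 'accept' or 'reject' for one active route offered to the peer."""
    for prefix, match_type, action in policy:
        if route_filter_matches(route, prefix, match_type):
            return action
    # No term matched: the default BGP export policy applies, which
    # advertises active BGP-learned routes and nothing else.
    return "accept" if protocol == "bgp" else "reject"

def return_path_exists(source_ip, rib):
    """True if an exported prefix covers source_ip (simplified reachability)."""
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(route)
               for route, proto in rib
               if export_decision(route, proto) == "accept")

# Constructed routing table for B_.1 (assumed entries, not read from the lab)
RIB = [
    ("10.1.0.0/16", "static"),    # AS-B aggregate named in to_bgp
    ("10.1.0.4/30", "direct"),    # assumed internal link, more specific
    ("172.16.1.0/24", "direct"),  # link towards AS-100, never exported
]

if __name__ == "__main__":
    for route, proto in RIB:
        print(f"{route:15} {proto:7} -> {export_decision(route, proto)}")
    # 172.16.1.2 is an assumed local address on the AS-100 link
    for src in ("172.16.1.2", "10.1.0.5"):
        print(f"ping source {src}: return path = {return_path_exists(src, RIB)}")
```

Because the filter uses exact, only the /16 aggregate itself is announced; the link prefix falls through to the default policy and is not exported, so remote ASes have no route back to a source address taken from it.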

traceroute
