Cisco - BGP backdoor
Alasta 15 Juillet 2018 cisco cisco bgp cli
Description : Comprendre l'utilisation de la fonctionnalité backdoor.
Architecture :
Configuration :
R1
1 router bgp 1
2 no synchronization
3 bgp router-id 1.1.1.1
4 bgp log-neighbor-changes
5 neighbor 10.1.3.3 remote-as 3
6 no auto-summary
7
8 router bgp 1
9 no synchronization
10 bgp router-id 1.1.1.1
11 bgp log-neighbor-changes
12 neighbor 10.1.3.3 remote-as 3
13 no auto-summary
R2
1 router eigrp 12
2 redistribute connected
3 network 10.1.2.0 0.0.0.255
4 no auto-summary
5 eigrp router-id 2.2.2.2
R3
1 router bgp 3
2 no synchronization
3 bgp router-id 3.3.3.3
4 bgp log-neighbor-changes
5 neighbor 10.1.3.1 remote-as 1
6 neighbor 10.3.4.4 remote-as 4
7 no auto-summary
R4
1 router bgp 4
2 no synchronization
3 bgp router-id 4.4.4.4
4 bgp log-neighbor-changes
5 network 10.2.4.0 mask 255.255.255.0
6 neighbor 10.3.4.3 remote-as 3
7 no auto-summary
Pour R1, le réseau d'interconnexion entre R2 et R4 et joignable via EIGRP et BGP.
Il serait logique de passer par R2 car il est plus près.
Mais l'Administrative Distance de BGP (ici eBGP) est de 20 qui prend le main sur EIGRP qui est de 170 (car elle est redistibuée).
Table de routage R1
1 R1#sh ip route
2 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
3 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
4 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
5 E1 - OSPF external type 1, E2 - OSPF external type 2
6 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
7 ia - IS-IS inter area, * - candidate default, U - per-user static route
8 o - ODR, P - periodic downloaded static route
9
10 Gateway of last resort is not set
11
12 10.0.0.0/24 is subnetted, 3 subnets
13 C 10.1.3.0 is directly connected, FastEthernet0/1
14 C 10.1.2.0 is directly connected, FastEthernet0/0
15 B 10.2.4.0 [20/0] via 10.1.3.3, 00:04:26
On vérifie bien que R1 utilise BGP car son Administratice Distance et inférieure à EIGRP.
Il est possible de changer ce comportement juste pour le réseau choisi.
Configuration :
On va utiliser la fonction backdoor de BGP.
R1
1 router bgp 1
2 no synchronization
3 bgp router-id 1.1.1.1
4 bgp log-neighbor-changes
5 network 10.2.4.0 mask 255.255.255.0 backdoor
6 neighbor 10.1.3.3 remote-as 3
7 no auto-summary
Il faut en revanche le faire par réseau.
Vérification :
1 R1#sh ip route
2 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
3 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
4 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
5 E1 - OSPF external type 1, E2 - OSPF external type 2
6 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
7 ia - IS-IS inter area, - candidate default, U - per-user static route
8 o - ODR, P - periodic downloaded static route
9
10 Gateway of last resort is not set
11
12 10.0.0.0/24 is subnetted, 3 subnets
13 C 10.1.3.0 is directly connected, FastEthernet0/1
14 C 10.1.2.0 is directly connected, FastEthernet0/0
15 D EX 10.2.4.0 [170/284160] via 10.1.2.2, 00:01:36, FastEthernet0/0
16 R1#sh ip bgp
17 BGP table version is 3, local router ID is 1.1.1.1
18 Status codes: s suppressed, d damped, h history, valid, > best, i - internal,
19 r RIB-failure, S Stale
20 Origin codes: i - IGP, e - EGP, ? - incomplete
21
22 Network Next Hop Metric LocPrf Weight Path
23 r> 10.2.4.0/24 10.1.3.3 0 3 4 i
Test de perte EIGRP :
Nous allons couper l'interface f0/0 et vérifier que la route BGP prenne la main.
1 R1#conf t
2 Enter configuration commands, one per line. End with CNTL/Z.
3 R1(config)#int f0/0
4 R1(config-if)#shutdown
5 R1(config-if)#end
6 R1#
7 Mar 1 00:10:36.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 10.1.2.2 (FastEthernet0/0) is down: interface down
8 R1#sh ip bgp
9 Mar 1 00:10:37.563: %SYS-5-CONFIG_I: Configured from console by console
10 Mar 1 00:10:38.039: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
11 R1#sh ip bgp
12 Mar 1 00:10:39.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
13 R1#sh ip route
14 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
15 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
16 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
17 E1 - OSPF external type 1, E2 - OSPF external type 2
18 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
19 ia - IS-IS inter area, * - candidate default, U - per-user static route
20 o - ODR, P - periodic downloaded static route
21
22 Gateway of last resort is not set
23
24 10.0.0.0/24 is subnetted, 2 subnets
25 C 10.1.3.0 is directly connected, FastEthernet0/1
26 B 10.2.4.0 [200/0] via 10.1.3.3, 00:00:06