A router authenticates the source of each routing update packet
that it receives. Many routing protocols support authentication like OSPF,
EIGRP, ISIS, BGP, and RIPv2.
Border gateway protocol (BGP) support authentication
mechanism using message digest 5 (MD5) algorithms. When authentication I enabled,
any TCP segment belonging to BGP exchange between the peers is verified and
accepted only if authentication is successful. If the authentication fails, the
BGP neighbor relationship goes down (not be established).
Before we start BGP configuration check out some important of BGP CCIE exam topics.
1.Introduction of BGP
2.BGP Neighbors
3.BGP Peer Group
4.BGP Attributes
5.BGP Weight Attribute
6.BGP Local Preference (Local_Pref)
7.BGP Multi Exit Discriminator (MED)
8.BGP AS Path Prepending
9.BGP Route Reflectors (RR)
10.BGP Communities_No-advertise configuration
11.BGP community Local-AS
12.BGP Confederations and configuration
13.BGP Route filtering methods
Topology :
Goal:
- configure the topology as per the diagram
- configure basic iBGP
- configure MD5 authentication use password internetworks
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.1 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet2/0 unassigned YES unset administratively down down
Serial3/0 1.1.1.1 YES manual up up
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 20.1.1.1 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet2/0 unassigned YES unset administratively down down
Serial3/0 1.1.1.2 YES manual up up
R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 remote-as 65011
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#no synchronization
R1(config-router)#exit
R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 remote-as 65011
*Mar 22 13:44:19.255: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R2(config-router)#network 1.0.0.0
R2(config-router)#network 10.0.0.0
R2(config-router)#no synchronization
R2(config-router)#exit
R1# show ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 1.0.0.0 1.1.1.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 10.0.0.0 0.0.0.0 0 32768 i
R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/1 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.2 4 65011 10 10 3 0 0 00:04:49 1
R2#show ip bgp
BGP table version is 4, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0 0.0.0.0 0 32768 i
* i 1.1.1.1 0 100 0 i
*>i 10.0.0.0 1.1.1.1 0 100 0 i
R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 4, main routing table version 4
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65011 11 10 4 0 0 00:05:18 2
R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 password internetworks
R1(config-router)#neighbor 1.1.1.2 version 4
R1(config-router)#end
R1#
*Mar 22 13:54:42.691: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0
*Mar 22 13:54:42.695: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0
*Mar 22 13:54:43.351: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(32235) to 1.1.1.1(179) tableid - 0
R2#show ip bgp
BGP table version is 2, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0 0.0.0.0 0 32768 i
R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 360 total bytes of memory
BGP activity 3/2 prefixes, 4/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65011 0 0 1 0 0 00:02:46 Active
R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 password internetworks
R2(config-router)#neighbor 1.1.1.1 version 4
*Mar 22 13:57:36.931: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R2(config-router)#end
R2#show ip bgp
BGP table version is 3, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 1.0.0.0 1.1.1.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.0.0.0 1.1.1.1 0 100 0 i
R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 4/2 prefixes, 6/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65011 5 5 3 0 0 00:00:44 2
.png)
No comments:
Post a Comment