netzi-pi: 10.10.0.0/16

in use:
  10.10.0.0/22
  10.10.4.0/23
  10.10.16.0/24
  10.10.17.0/24

announced to peers: only 10.10.0.0/16 as an aggregate!
the special peer gets ONLY 10.10.16.0/24!

important here: the DIFFERENCE between the BGP routing table and the local table!

Locally the router has the following static routes:
  ip route 10.10.0.0/22 null0 254
  ip route 10.10.4.0/23 null0 254
  ip route 10.10.16.0/24 null0 254
  ip route 10.10.17.0/24 null0 254
and very important:
  ip route 10.10.0.0/16 null0 255
(so that packets do not loop between the iBGP peers when the net is present neither via OSPF nor via null0.)

These routes then also come in dynamically via OSPF (when available), with a lower metric.
Routers outside, however, get the 10.10.0.0/16!

#######################################################################################################################################
hostname cogent.name.tld
password abc1
enable password abc1
log file /var/log/quagga/bgpd.log
!
router bgp OURAS
 no synchronization
 bgp router-id OURROUTERIP1
!network 10.10.0.0/22
!network 10.10.4.0/23
!network 10.10.16.0/24
!network 10.10.17.0/24
 redistribute connected
 redistribute static
 redistribute ospf
 aggregate-address 10.10.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp send-community both
 neighbor ebgp soft-reconfiguration inbound
 neighbor ebgp timers 5 15
 neighbor ebgp prefix-list any in
 neighbor ebgp prefix-list self out
 neighbor ebgp route-map communities out
 neighbor ebgp remove-private-as
 neighbor ibgp peer-group
 neighbor ibgp send-community both
 neighbor ibgp soft-reconfiguration inbound
 neighbor ibgp timers 5 15
 neighbor ibgp route-map communities out
 neighbor ibgp next-hop-self
! remote-as is set before the neighbor is bound to a peer-group that has no remote-as of its own
! note: the route-maps cogent-in/-out and darkfibre-in/-out are referenced but not defined in this file
 neighbor COGENTROUTERIP remote-as COGENTAS
 neighbor COGENTROUTERIP peer-group ebgp
 neighbor COGENTROUTERIP description cogent
 neighbor COGENTROUTERIP route-map cogent-out out
 neighbor COGENTROUTERIP route-map cogent-in in
 neighbor DARKFIBREIP1 remote-as OURAS
 neighbor DARKFIBREIP1 peer-group ibgp
 neighbor DARKFIBREIP1 description darkfibre cogent-inxs
 neighbor DARKFIBREIP1 route-map darkfibre-out out
 neighbor DARKFIBREIP1 route-map darkfibre-in in
!
!
ip prefix-list any description anything but ours
ip prefix-list any seq 1 deny 10.10.0.0/16 le 32
! note: "ge 24" matches prefix lengths /24 through /32 only
ip prefix-list any seq 500 permit 0.0.0.0/0 ge 24
ip prefix-list any seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list self description own nets
ip prefix-list self seq 1 permit 10.10.0.0/16
ip prefix-list self seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list transit description transit net
ip prefix-list transit seq 500 permit 0.0.0.0/0 ge 24
ip prefix-list transit seq 999 deny 0.0.0.0/0 le 32
!
! note: the bogons list is defined but not applied to any neighbor in this file;
! a static list like this goes stale as address space gets allocated
ip prefix-list bogons seq 1 deny 0.0.0.0/7 le 32
ip prefix-list bogons seq 2 deny 2.0.0.0/8 le 32
ip prefix-list bogons seq 3 deny 5.0.0.0/8 le 32
ip prefix-list bogons seq 4 deny 7.0.0.0/8 le 32
ip prefix-list bogons seq 5 deny 10.0.0.0/8 le 32
ip prefix-list bogons seq 6 deny 23.0.0.0/8 le 32
ip prefix-list bogons seq 7 deny 27.0.0.0/8 le 32
ip prefix-list bogons seq 8 deny 31.0.0.0/8 le 32
ip prefix-list bogons seq 9 deny 36.0.0.0/7 le 32
ip prefix-list bogons seq 10 deny 39.0.0.0/8 le 32
ip prefix-list bogons seq 11 deny 41.0.0.0/8 le 32
ip prefix-list bogons seq 12 deny 42.0.0.0/8 le 32
ip prefix-list bogons seq 13 deny 49.0.0.0/8 le 32
ip prefix-list bogons seq 14 deny 50.0.0.0/8 le 32
ip prefix-list bogons seq 15 deny 73.0.0.0/8 le 32
ip prefix-list bogons seq 16 deny 74.0.0.0/7 le 32
ip prefix-list bogons seq 17 deny 76.0.0.0/6 le 32
ip prefix-list bogons seq 18 deny 89.0.0.0/8 le 32
ip prefix-list bogons seq 19 deny 90.0.0.0/7 le 32
ip prefix-list bogons seq 20 deny 92.0.0.0/6 le 32
ip prefix-list bogons seq 21 deny 96.0.0.0/3 le 32
ip prefix-list bogons seq 23 deny 172.16.0.0/12 le 32
ip prefix-list bogons seq 24 deny 173.0.0.0/8 le 32
ip prefix-list bogons seq 25 deny 174.0.0.0/7 le 32
ip prefix-list bogons seq 26 deny 176.0.0.0/5 le 32
ip prefix-list bogons seq 27 deny 184.0.0.0/6 le 32
ip prefix-list bogons seq 28 deny 189.0.0.0/8 le 32
ip prefix-list bogons seq 29 deny 190.0.0.0/8 le 32
ip prefix-list bogons seq 30 deny 192.0.2.0/24 le 32
ip prefix-list bogons seq 31 deny 192.168.0.0/16 le 32
ip prefix-list bogons seq 32 deny 197.0.0.0/8 le 32
ip prefix-list bogons seq 33 deny 198.18.0.0/15 le 32
ip prefix-list bogons seq 34 deny 223.0.0.0/8 le 32
ip prefix-list bogons seq 35 deny 224.0.0.0/3 le 32
!
ip as-path access-list any deny _OURAS_
ip as-path access-list any deny ^OURAS$
ip as-path access-list any deny ^OURAS_
ip as-path access-list any deny _OURAS$
ip as-path access-list any permit .*
!
ip as-path access-list self permit ^OURAS$
ip as-path access-list self permit ^OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS OURAS OURAS$
ip as-path access-list self deny .*
!
route-map communities permit 10
!match ip address XXX
!set community XXX
!
line vty
!
#######################################################################################################################################
hostname inxs.name.tld
password abc2
enable password abc2
log file /var/log/quagga/bgpd.log
!
router bgp OURAS
 no synchronization
 bgp router-id OURROUTERIP2
 network 10.10.0.0/22
 network 10.10.4.0/23
 network 10.10.16.0/24
 network 10.10.17.0/24
 aggregate-address 10.10.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp send-community both
 neighbor ebgp soft-reconfiguration inbound
 neighbor ebgp timers 5 15
 neighbor ebgp prefix-list any in
 neighbor ebgp prefix-list self out
 neighbor ebgp route-map communities out
 neighbor ebgp remove-private-as
 neighbor ibgp peer-group
 neighbor ibgp send-community both
 neighbor ibgp soft-reconfiguration inbound
 neighbor ibgp timers 5 15
 neighbor ibgp route-map communities out
 neighbor ibgp next-hop-self
 neighbor TELIAROUTERIP remote-as TELIAAS
 neighbor TELIAROUTERIP peer-group ebgp
 neighbor TELIAROUTERIP description telia
 neighbor TELIAROUTERIP route-map telia-out out
 neighbor TELIAROUTERIP route-map telia-in in
 neighbor TISCALIROUTERIP remote-as TISCALIAS
 neighbor TISCALIROUTERIP peer-group ebgp
 neighbor TISCALIROUTERIP description tiscali
 neighbor TISCALIROUTERIP route-map tiscali-out out
 neighbor TISCALIROUTERIP route-map tiscali-in in
 neighbor SPECIALPEER remote-as SPECIALAS
 neighbor SPECIALPEER peer-group ebgp
 neighbor SPECIALPEER description host that gets a special announcement
 neighbor SPECIALPEER prefix-list special out
 neighbor DARKFIBREIP2 remote-as OURAS
 neighbor DARKFIBREIP2 peer-group ibgp
 neighbor DARKFIBREIP2 description darkfibre inxs-cogent
 neighbor DARKFIBREIP2 route-map darkfibre-out out
 neighbor DARKFIBREIP2 route-map darkfibre-in in
!
!
ip prefix-list any description anything but ours
ip prefix-list any seq 1 deny 10.10.0.0/16 le 32
ip prefix-list any seq 500 permit 0.0.0.0/0 ge 24
ip prefix-list any seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list self description own nets
ip prefix-list self seq 1 permit 10.10.0.0/16
ip prefix-list self seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list transit description transit net
ip prefix-list transit seq 500 permit 0.0.0.0/0 ge 24
ip prefix-list transit seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list special description do only announce some special routes
ip prefix-list special seq 1 permit 10.10.16.0/24
ip prefix-list special seq 999 deny 0.0.0.0/0 le 32
!
ip prefix-list bogons seq 1 deny 0.0.0.0/7 le 32
ip prefix-list bogons seq 2 deny 2.0.0.0/8 le 32
ip prefix-list bogons seq 3 deny 5.0.0.0/8 le 32
ip prefix-list bogons seq 4 deny 7.0.0.0/8 le 32
ip prefix-list bogons seq 5 deny 10.0.0.0/8 le 32
ip prefix-list bogons seq 6 deny 23.0.0.0/8 le 32
ip prefix-list bogons seq 7 deny 27.0.0.0/8 le 32
ip prefix-list bogons seq 8 deny 31.0.0.0/8 le 32
ip prefix-list bogons seq 9 deny 36.0.0.0/7 le 32
ip prefix-list bogons seq 10 deny 39.0.0.0/8 le 32
ip prefix-list bogons seq 11 deny 41.0.0.0/8 le 32
ip prefix-list bogons seq 12 deny 42.0.0.0/8 le 32
ip prefix-list bogons seq 13 deny 49.0.0.0/8 le 32
ip prefix-list bogons seq 14 deny 50.0.0.0/8 le 32
ip prefix-list bogons seq 15 deny 73.0.0.0/8 le 32
ip prefix-list bogons seq 16 deny 74.0.0.0/7 le 32
ip prefix-list bogons seq 17 deny 76.0.0.0/6 le 32
ip prefix-list bogons seq 18 deny 89.0.0.0/8 le 32
ip prefix-list bogons seq 19 deny 90.0.0.0/7 le 32
ip prefix-list bogons seq 20 deny 92.0.0.0/6 le 32
ip prefix-list bogons seq 21 deny 96.0.0.0/3 le 32
ip prefix-list bogons seq 23 deny 172.16.0.0/12 le 32
ip prefix-list bogons seq 24 deny 173.0.0.0/8 le 32
ip prefix-list bogons seq 25 deny 174.0.0.0/7 le 32
ip prefix-list bogons seq 26 deny 176.0.0.0/5 le 32
ip prefix-list bogons seq 27 deny 184.0.0.0/6 le 32
ip prefix-list bogons seq 28 deny 189.0.0.0/8 le 32
ip prefix-list bogons seq 29 deny 190.0.0.0/8 le 32
ip prefix-list bogons seq 30 deny 192.0.2.0/24 le 32
ip prefix-list bogons seq 31 deny 192.168.0.0/16 le 32
ip prefix-list bogons seq 32 deny 197.0.0.0/8 le 32
ip prefix-list bogons seq 33 deny 198.18.0.0/15 le 32
ip prefix-list bogons seq 34 deny 223.0.0.0/8 le 32
ip prefix-list bogons seq 35 deny 224.0.0.0/3 le 32
!
ip as-path access-list any deny _OURAS_
ip as-path access-list any deny ^OURAS$
ip as-path access-list any deny ^OURAS_
ip as-path access-list any deny _OURAS$
ip as-path access-list any permit .*
!
ip as-path access-list self permit ^OURAS$
ip as-path access-list self permit ^OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS OURAS$
ip as-path access-list self permit ^OURAS OURAS OURAS OURAS OURAS$
ip as-path access-list self deny .*
!
route-map communities permit 10
!match ip address XXX
!set community XXX
!
line vty
!
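
#######################################################################################################################################
Added example (not part of the original notes or of Quagga): a small evaluator for the ge/le prefix-list semantics used above, run over the routes from the notes to check what "self", "special" and "any" actually let through. The function names, the transposed "special" variant and the inbound sample routes are constructed for illustration; masking host bits with strict=False is an assumption about how a mistyped entry is compared.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny PREFIX [ge X] [le Y]' into a rule tuple."""
    tok = line.split()
    seq, action = int(tok[1]), tok[2]
    # Assumption: host bits are masked off, as a prefix comparison would do.
    net = ipaddress.ip_network(tok[3], strict=False)
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    lo = ge if ge is not None else net.prefixlen
    # No ge/le: exact length only. ge alone: everything up to /32.
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return seq, action, net, lo, hi

def evaluate(plist, route):
    """Lowest matching seq wins; falling off the end is an implicit deny."""
    r = ipaddress.ip_network(route)
    for _, action, net, lo, hi in sorted(map(parse_entry, plist), key=lambda e: e[0]):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def permitted(plist, routes):
    """Return the routes from `routes` that the prefix-list lets through."""
    return [r for r in routes if evaluate(plist, r) == "permit"]

DENY_ALL = "seq 999 deny 0.0.0.0/0 le 32"
SELF = ["seq 1 permit 10.10.0.0/16", DENY_ALL]
SPECIAL = ["seq 1 permit 10.10.16.0/24", DENY_ALL]
# Constructed variant with two octets swapped, to show the failure mode.
SPECIAL_TRANSPOSED = ["seq 1 permit 10.10.0.16/24", DENY_ALL]
ANY_IN = ["seq 1 deny 10.10.0.0/16 le 32", "seq 500 permit 0.0.0.0/0 ge 24", DENY_ALL]

# Routes in the BGP table per the notes (aggregate plus its components).
OWN = ["10.10.0.0/16", "10.10.0.0/22", "10.10.4.0/23", "10.10.16.0/24", "10.10.17.0/24"]
# Constructed inbound samples (documentation ranges plus one of our own nets).
INBOUND = ["0.0.0.0/0", "198.51.100.0/22", "203.0.113.0/24", "10.10.16.0/24"]

if __name__ == "__main__":
    for name, pl, routes in [("self out", SELF, OWN), ("special out", SPECIAL, OWN),
                             ("special (transposed) out", SPECIAL_TRANSPOSED, OWN),
                             ("any in", ANY_IN, INBOUND)]:
        print(f"{name:26} -> {permitted(pl, routes)}")
```

The transposed entry announces nothing to the special peer without any error, and the inbound "any" list drops every route shorter than /24, the default route included.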