BGP and multi OSPF and RIP

Departamento de Informática Escola de Engenharia

Universidade do Minho

_________________________________________________________________________Tecnologias e Protocolos de Rede, 2015/2016

Tecnologias e Protocolos de Rede [2015/2016] MERSTel/MIEI MSc

Laboratory Work TP1: Routing [Part #2]

Objectives

• Development of competences in the process of configuring RIP and OSPF routing protocols, including the redistribution of routes between these protocols.

• Development of competences in the configuration of the external routing protocol BGP, including conditioning/filtering of BGP routes.

• Use of network level emulation tools, e.g. CORE (Common Open Research Emulator).

• Development of research skills and self-learning capabilities for configuring internal/ external routing protocols.

Report

• All working groups are expected to prepare a report describing the tasks/configurations made in the context of this laboratory work. • The definition of the report structure and included contents is the responsibility of the working groups. • The reports will be evaluated taking into account i) the correction/technical quality of the solutions/settings/answers/explanations made regarding the proposed tasks/challenges and ii ) clarity/organization/quality of the submitted report. • The reports should be submitted by the deadline set by the teacher.

____________________________________________________________________________ In the context of this work, it is expected that students perform the adequate research for the addressed topics. The following references/links are merely illustrative and should be complemented with other references deemed relevant.

• http://www.nrl.navy.mil/itd/ncs/products/core • http://downloads.pf.itd.nrl.navy.mil/core/vmware-image/ • Several manuals/documentation regarding the configuration of routing protocols in

CISCO equipment can be searched on the net, with many available in http://www.cisco.com/........ [note: In the CORE emulator the routing processes are based on the Quagga framework (http://www.nongnu.org/quagga/). However, most of the configuration commands are quite similar to the ones commonly used in CISCO IOSs]

____________________________________________________________________________ Tasks - Familiarization with the emulator CORE (Common Open Research Emulator) http://www.nrl.navy.mil/itd/ncs/products/core - Installation of the virtual machine of vcore 4.6 (available for VMware or VirtualBox) http://downloads.pf.itd.nrl.navy.mil/core/vmware-image/




Objective: The objective is to implement and test a scenario of global routing involving multiple Autonomous Systems (ASs) interconnected through the routing protocol BGP. Internally the ASs use distinct routing protocols. The scenario to be emulated in the CORE platform is illustrated in Figure 1.

Figure 1 - Scheme of the interconnection between various ASs and the used internal/external routing protocols.

AS 65500 10.5.0.0/16

AS 65300 10.3.0.0/16

AS 65400 10.4.0.0/16

e-BGP e-BGP

e-BGP e-BGP

AS 65000

10.0.0.0/16 OSPF (area)

OSPF (area)

OSPF (area)

e-BGP

e-BGP

RIP

AS 65200 10.2.0.0/16

OSPF (area)

RIP

AS 65100 10.1.0.0/16




Detailed Description:

1. The Autonomous System 65200 is a stub autonomous system. As such, it maintains BGP peering relationships outside with a single AS neighbour that guarantees external access: the AS 65400. • The autonomous system 65200 uses internally the IPv4 address range 10.2.0.0/16. • Internally, the autonomous system 65200 uses the RIP protocol, using default routes to reach other autonomous systems. • AS 65200 (network 10.2.0.0/16) has connectivity to all other ASs, with the exception of AS 65100 for which the administrators of AS 65200 decided not to have connectivity.

2. The Autonomous System 65100 is a stub autonomous system. As such, it maintains BGP peering relationships outside with a single neighbour autonomous system that guarantees external access: the AS 65300. • The autonomous system 65100 uses internally the IPv4 address range 10.1.0.0/16. • Internally, the Autonomous System 65100 uses the OSPF routing protocol.

Additionally, there are also some older networks that operate according to the RIP protocol. For connectivity between the networks/devices RIP/OSPF resorts to processes of redistributing routes between them. Internally, default routes are used to reach other autonomous systems.

• AS 65100 (network 10.1.0.0/16) has connectivity with all other ASs, with the exception of AS 65200 for which the administrators of AS 65100 decided not to have connectivity.

3. The Autonomous System AS 65000 is a multihomed autonomous system. As such, it

maintains BGP peering relationships outside with two neighbouring autonomous systems which ensure that external access: AS 65300 and AS 65400. • The autonomous system 65000 uses internally the IPv4 address range 10.0.0.0/16. • Internally, the Autonomous System 65000 uses the OSPF routing protocol, structured in several areas (two areas beyond the area 0, and with at least three routers in each area). Internally, default routes are used to reach other autonomous systems. • It is guaranteed global connectivity to all networks of AS 65000 (10.0.0.0/16). • The autonomous system 65000 AS is a multihomed system but not a transit autonomous system. So, even if the connections between the neighbouring autonomous systems AS 65300 and AS 65400 fails, they should not be able to route traffic through autonomous system AS 65000.

4. The AS 65300, AS 65400 and AS 65500 are essentially transit autonomous systems.

As such, in the presented example, it is not strictly necessary to configure an internal routing protocol into each one. However, it should be ensured that there is in each of these autonomous systems at least one end system in the networks 10.3.0.0/16, 10.4.0.0/16 and 10.5.0.0/16, to perform connectivity tests between these and the remaining ASs.




• The AS 65300 is the ISP of ASs 65100 and AS 65000. As such it must accept routes

advertised by them and disseminate them. In turn, the AS 65400 is the ISP of ASs 65200 and 65000. Likewise, it should accept and disseminate the routes advertised by them.

Report: Prepare a report describing the work performed and explaining the major decisions. As noted before, the definition of the structure and content of the report is the responsibility of the working groups. However, amongst others deemed relevant, do not forget to include in the report the following topics: • An explanation of the most relevant configuration commands of the internal protocols (OSPF and RIP) made in different autonomous systems. • An explanation of the performed BGP configurations, as well as how the external routing policies (BGP) mentioned before were implemented. An analysis of the AS-PATH attributes associated with the BGP routes exchanged between the peers. • Commented examples of the routing tables of border AS routers. Moreover, relevant commented examples of internal AS routers routing tables should also be mentioned. • Connectivity tests demonstrating the compliance with the requirements presented.

UNIVERSITY OF MINHO

TECHNOLOGIES AND NETWORK PROTOCOLS

2015/2016

Routing

Part II - External/Internal Routing redistribution, conditioning

and filtering

Group 5

João Dias – PG30466

Khunbish Nyamsuren – E6769

Simão Dias – a61006

2

Table of Contents

Abstract ............................................................................................................. 4

Introduction ...................................................................................................... 5

Autonomous System 65200 Initialization .................................................... 6

Initial constraints for the initialization of AS 652000 ........................................ 6

Constraint a. ............................................................................................................. 7

Constraint b. ............................................................................................................. 7

Autonomous System 65100 Initialization .................................................... 8

Initial constraints for the initialization of AS 65100 .......................................... 8

Constraint a. ............................................................................................................. 9

Constraint b. ............................................................................................................. 9

Autonomous System 65000 Initialization ................................................. 10

Initial constraints for the initialization of AS 65000 ........................................ 10

Constraint a. ........................................................................................................... 10

Constraint b. ........................................................................................................... 11

Autonomous System 65300, 65400 and 65500 Initialization ............... 13

Constraint a. and b. ............................................................................................... 13

Globally connecting all Autonomous Systems .......................................... 14

Final constraints of the AS 65200 .............................................................. 15

Final Constraint a. ................................................................................................. 15

Final Constraint b. ................................................................................................. 15



Final Constraint b. ................................................................................................. 19



Final Constraint b. and c. ...................................................................................... 21

Final Topology ............................................................................................... 23

Conclusion ..................................................................................................... 24

Table of Figures

Figure 1. AS 65200 Topology ................................................................................................. 6Figure 2. AS 65100 Topology ................................................................................................. 8Figure 3. AS 65000 Topology ............................................................................................... 10Figure 4. As 65300 Topology ................................................................................................ 13Figure 5. AS 65400 Topology ............................................................................................... 13Figure 6. AS 65500 Topology ............................................................................................... 13Figure 7. Pings from different hosts from AS65200 to a host of AS65100 .................... 16Figure 8. Pings from RIP PC1 to the different transit ASs ................................................ 16Figure 9. Pings from RIP PC2 to the different transit Ass ................................................ 17Figure 10. Pings from RIP PC1 to the different areas of AS 65000 ................................ 17Figure 11. Pings from RIP PC2 to the different areas of AS 65000 ................................ 17Figure 12. Pings from hosts of AS 65200 to AS65100 OSPF side .................................. 18Figure 13. Pings from AS 65200 different hosts to AS 65100 hosts on RIP side ......... 19Figure 14. Ping to a OSPF host on AS65100 ...................................................................... 20Figure 15. Ping to a RIP host on AS65100 ......................................................................... 20Figure 16. Ping to RIP host on AS 65200 ........................................................................... 20Figure 17. Ping to a host on 65300 ..................................................................................... 21Figure 18. Ping to a host on 65400 ..................................................................................... 21Figure 19. Ping to a host on 65500 ..................................................................................... 21

Table Index

Table 1. Intra Network List for AS 65200 ............................................................................. 7Table 2. AS 65200 protocols and default Routes ................................................................ 7Table 3. Intra Network List for AS 65100 ............................................................................. 9Table 4. AS 65100 protocols and default Routes on OSPF side and bridge router ........ 9Table 5. AS 65100 protocols and default Routes on RIP side ........................................... 9Table 6. Intra Network List for AS 65000 ........................................................................... 10Table 7. AS 65000 protocols, default Routes and areas ................................................... 11Table 8. Routing protocols after BGP implementation ..................................................... 14

Abstract

In dynamic routing environments, IP routing information is propagated using routing

protocols. BGP is on of these protocols found in internet. Combining the knowledge we

obtained from the first project, with BGP protocol, the assistance of network emulation

software and a set of predefined questions, we will go more in depth on the

programming/configuration of network equipment in intra and inter nets that operate

under RIP, OSPF and/or BGP.

With BGP, we will put in practice a series of commands that allows us to restrict/filter

traffic from undesired Autonomous systems and the routing information from that one

AS propagates.

After this project we expect to be able to have a better understanding of this protocols

and the process that is required to accomplish a fully operating network.

Introduction

In this project we will further develop our knowledge with OSPF and RIP protocols, by

implementing redistribution routes between them.

The main focus, however, will be with the BGP protocol.

BGP protocol is a routing protocol for inter domains, it is used in the main internet

routers and for communication between different autonomous Systems(ASs).

BGP protocol came to solve EGP main problem, routing loops in arbitrary topologies

and allows routing based in a set of non-technical rules, defined by the different ASs.

The main function of a BGP system is to exchange information that allows network

access, including information about the routes of the ASs with other BGP systems.

When a router first connects to the network, BGP routes fully exchange their routing

tables. In a similar way, when a routing table changes, the routers send the changed

part of the routing table. Therefore, BGP routers are not regularly sending information,

and route actualizations are only felt on the optimal route to a network.

Also, BGP allows us to restrict/filter the information that is exchanged between BGP

systems, which allows to better control a vast network and its behaviour.

The document is split in two main parts, first we set, individually, the initial configuration

for the different required ASs as well as the imposed constraints.

In the second part, we globally connect all the ASs through the BGP protocol and, just as

before, configure the different ASs with the remaining constraints.

Autonomous System 65200 Initialization

Initial constraints for the initialization of AS 652000

a. Internally, uses the IPv4 address range 10.2.0.0/16

b. Internally, uses the RIP protocol, using default routes to reach other

autonomous systems.

We started by defining 3 routers and two hosts. The routers are all interconnected using

specific networks chosen by sub netting principles.

This autonomous System as the following representation:

Figure 1. AS 65200 Topology

Constraint a.

Table 1. Intra Network List for AS 65200

Intra Network List

1 10.2.0.0/24

2 10.2.1.0/24

3 10.2.2.0/24

4 10.2.3.0/24

5 10.2.4.0/24

Constraint b.

To check which protocols a router is using we used the command show running-config

on each of the routers and to see what default routes we take a look at the routing

tables with show ip route.

Table 2. AS 65200 protocols and default Routes

Router Protocol Default route

RIP1 router rip … !


R>* 0.0.0.0/0 [120/2] via 10.2.0.1, eth0 (RIP1)


R>* 0.0.0.0/0 [120/2] via 10.2.1.1, eth0 (RIP1)




b. Internally, uses the OSPF routing protocol.

c. Additionally, there are also some older networks that operate according

to the RIP protocol. For connectivity between the networks/devices

RIP/OSPF resorts to processes of redistributing routes between them,

using default routes to reach other autonomous systems.

This autonomous System is divided in 2 sides, one uses OSPF protocol while the other

uses RIP protocol. The RIP protocol side is not different from the AS 65200 in terms of

topology and the OSPF side has 1 router with one host. The connection between the RIP

and OSPF side is done by one router that includes both protocols and applies

redistribution.

This autonomous System as the following representation:


Constraint a.


Intra Network List

1 10.1.0.0/24

2 10.1.1.0/24

3 10.1.3.0/24

4 10.1.4.0/24

5 10.1.5.0/24

6 10.1.6.0/24

7 10.1.7.0/24

8 10.1.8.0/24

Constraint b.

Protocol was checked with the show running-config command.

Default Route was checked with the show ip route command.

Table 4. AS 65100 protocols and default Routes on OSPF side and bridge router


R-OSPF1 router ospf redistribute rip metric 5 … ! router rip redistribute ospf metric 7 … !

R-OSPF2 router ospf O>* 0.0.0.0/0 [110/1] via 10.1.1.1, eth0 (R-OSPF1)

Table 5. AS 65100 protocols and default Routes on RIP side


O-RIP1 router rip O>* 0.0.0.0/0 [120/2] via 10.1.0.2, eth2 (R-OSPF1)

O-RIP2 router rip R>* 0.0.0.0/0 [120/3] via 10.1.4.1, eth0 (O-RIP1)

O-RIP3 router rip R>* 0.0.0.0/0 [120/3] via 10.1.5.1, eth0 (O-RIP1)




b. Internally, uses OSPF routing protocol, structured in several areas (two

areas beyond the area 0, and with at least three routers in each area),

using default routes to reach other autonomous systems.

This AS requires to run only with OSPF protocol with 3 different areas with at least 3

routers each. We chose to have 3 routers on the backbone area (area 0) and 4 on the

other 2 areas. The router A1-R1 and A2-R2 are routers that do the connection between

area 1 and area 2, respectively, with area 0.

For this autonomous system we chose the following topology:


Constraint a.


Intra Network List Area

1 10.0.100.0 0.0.0.0

2 10.0.200.0 0.0.0.0

3 10.0.101.0 0.0.0.1

4 10.0.102.0 0.0.0.1

5 10.0.103.0 0.0.0.1

6 10.0.104.0 0.0.0.1

7 10.0.105.0 0.0.0.1

8 10.0.106.0 0.0.0.1

9 10.0.107.0 0.0.0.1

10 10.0.108.0 0.0.0.1

11 10.0.201.0 0.0.0.2

12 10.0.202.0 0.0.0.2

13 10.0.203.0 0.0.0.2

14 10.0.204.0 0.0.0.2

15 10.0.205.0 0.0.0.2

16 10.0.206.0 0.0.0.2

17 10.0.207.0 0.0.0.2

18 10.0.208.0 0.0.0.2

Constraint b.


Default Route was checked with the show ip route command.

The are was obtained with the show ip ospf command

Table 7. AS 65000 protocols, default Routes and areas

Router Protocol Default Route Area

A0-R1 router ospf 0.0.0.0

A1-R1 router ospf O>* 0.0.0.0/0 [110/1] via 10.0.100.1, eth2

(A0-R1)

0.0.0.0 and

0.0.0.1


(A1-R1)

0.0.0.1


(A1-R1)

0.0.0.1


(A1-R1)

0.0.0.1


(A0-R1)

0.0.0.0 and

0.0.0.2


(A2-R1)

0.0.0.2


(A2-R1)

0.0.0.2


(A2-R1)

0.0.0.2

Autonomous System 65300, 65400 and 65500

Initialization

a. Essentially transit autonomous systems.

b. They should have an end system for connectivity tests.

Constraint a. and b.

Figure 4. As 65300 Topology



Globally connecting all Autonomous Systems

To connect all the autonomous systems, the required protocol used is BGP.

Only one router from each AS has the implementation of this protocol (routers used in

default routes), to do this we changed the configuration to guarantee that beside the

already applied protocols, they also implement BGP.


Table 8 only shows the routers that were affected by the insertion of the BGP protocol.

Table 8. Routing protocols after BGP implementation

Autonomous System Router that implements BGP Implemented Protocols

65000 A0-R1 BGP and OSPF

65100 R-OSPF1 RIP, OSPF and BGP

65200 RIP1 RIP and BGP

65300 AS65300 BGP

65400 AS65400 BGP

65500 AS65500 BGP

Final constraints of the AS 65200

a. Has connectivity with all other ASs, with the exception of 65100.

b. Maintains BGP peering relationship outside with a single AS neighbour

that guarantees external access: the AS 65400.

Final Constraint a.

To cut the connectivity between two autonomous systems we make use of access-lists.

First we enter the router configuration mode responsible for the BGP protocol (RIP1)

with the command config terminal.

And after we create two access-lists with the command access-list 1 deny 10.1.0.0

0.0.255.255 and access-list 1 permit any

• Access-list: initialization of the command.

• 1: means that it is an IP standard access list

• deny 10.1.0.0 0.0.255.255: filters the traffic that comes from the

network 10.1.0.0 with the 0.0.255.255 as wildcard bits (10.1.0.0/16).

• Permit any: permits any traffic.

Note that the permit any access-list does not override the previously created access-lists.

If we now see the running-configuration of RIP1 we can see

access-list 1 deny 10.1.0.0 0.0.255.255

access-list 1 permit any

Final Constraint b.

To achieve this, we enter the router configuration mode responsible for the the BGP

protocol(R-OSPF1) with the command config terminal followed by router bgp 65200.

In here, we can set the neighbors with the commands neighbor 1.1.1.1 remote-as

65400.

To see if the access-list is working we perform connectivity tests:

Figure 7. Pings from different hosts from AS65200 to a host of AS65100

Figure 8. Pings from RIP PC1 to the different transit ASs

Figure 9. Pings from RIP PC2 to the different transit Ass

Figure 10. Pings from RIP PC1 to the different areas of AS 65000

Figure 11. Pings from RIP PC2 to the different areas of AS 65000


a. Has connectivity with all other ASs, with the exception of 65200.

b. Maintains BGP peering relationship outside with a single AS neighbour

that guarantees external access: the AS 65300.

Final Constraint a.

To cut the connectivity between two autonomous systems we follow the same procedure

as last AS:

First we enter the router configuration mode responsible for the BGP protocol (R-

OSPF1) with the command config terminal.

And after we create two access-lists with the command access-list 1 deny 10.2.0.0

0.0.255.255 and access-list 1 permit any

• Access-list: initialization of the command.

• 1: means that it is an IP standard access list

• deny 10.2.0.0 0.0.255.255: filters the traffic that comes from the

network 10.2.0.0 with the 0.0.255.255 as wildcard bits (10.2.0.0/16).

• Permit any: permits any traffic.

Note that the permit any access-list does not override the previously created access-lists.

If we now see the running-configuration of RIP1 we can see

access-list 1 deny 10.2.0.0 0.0.255.255

access-list 1 permit any

To see if the access-list is working we perform connectivity tests:

Figure 12. Pings from hosts of AS 65200 to AS65100 OSPF side

Figure 13. Pings from AS 65200 different hosts to AS 65100 hosts on RIP side

Final Constraint b.


protocol(R-OSPF1) with the command config terminal followed by router bgp 65100.


65300.


a. It is guaranteed global connectivity to all networks.

b. Is multihomed system but not a transit autonomous system.

c. Maintains BGP peering relationship outside with two neighbouring ASs

that guarantees external access: the AS 65300 and the AS 65400.

Final Constraint a.

As default, this autonomous system is fully connected to every other autonomous

system. To prove it, we preform connectivity tests to a host on every other ASs.

Figure 14. Ping to a OSPF host on AS65100

Figure 15. Ping to a RIP host on AS65100

Figure 16. Ping to RIP host on AS 65200

Figure 17. Ping to a host on 65300



We can conclude that AS 65000 is fully connected to all other ASs with no restrictions.

Final Constraint b. and c.

First we make sure that AS 65300 and 65400 are neighbors to this AS.


protocol(A0-R1) with the command config terminal followed by router bgp 65000.


65300 and neighbor 5.5.5.1 remote-as 65400.

To guarantee this AS in never used as transit we make use of as-paths.

First we enter the router configuration mode responsible for the BGP protocol (A0-R1)

with the command config terminal.

Here, we use the command ip as-path access-list 1 permit ^$. ^$ stands for locally

originated routes.

After, we create the route map with the commands

route-map ISP permit 10

match as-path 1

(which is the one we previously created).

Finally, we apply the route-map to outbound routes with the commands

Router bgp 65000

Neighbor 6.6.6.1 route-map ISP out

Neighbor 5.5.5.1 router-map ISP out

To prove that AS 65000 doesn’t act as transit first we pinged from a host of 65200 to

the host of AS 65300.

We can see that we still have connectivity because it took the route AS65200-

>AS65400->AS65300->host

Now, if we shutdown interface eth2 from AS65400 and redo the ping test:

We can see that the destination is not reachable, which means AS6500 is not used as

transit.

However, if we ping to a local host of AS6500:

We are able to have connectivity.

Final Topology

Conclusion

With this work we had the opportunity to further develop our knowledge with the intra

network protocols OSPF and RIP. It also allowed us to better understand their

functioning regarding redistribution and intra communication.

The experiments done with the BGP protocol, how to restrain the routes that BGP

system exchange between each other as well as traffic filtering from unwanted

connections permitted us to have a better vision on how inter networks function, behave,

how they can interact between different ASs and how they can be configured to perform

the way a network manager desires. It was also important to notice how as-paths can be

used to prevent routing loops.

Engineering

BGP and multi OSPF and RIP