Ch 12: Advanced BGP Flashcards

1
Q

Transit routing between a multihomed enterprise network and a service provider is generally not recommended in which scenarios? (Choose all that apply.)

  1. Internet connections at data centers
  2. Internet connections at branch locations
  3. MPLS data centers
  4. MPLS branch locations
A

1, 2, and 4.

Transit routing for enterprises is generally acceptable only for data centers connecting to MPLS networks.

2
Q

T/F: An extended ACL used to match routes changes behavior if the routing protocol is an IGP rather than BGP.

A

True.

IGPs use the destination field to select the smallest prefix length, whereas BGP uses it to match the subnet mask for a route.

3
Q

Which network prefixes match the prefix match pattern 10.168.0.0/13 ge 24? (Choose two.)

a. 10.168.0.0/13
b. 10.168.0.0/24
c. 10.173.1.0/28
d. 10.104.0.0/24

A

B and C. Please see Figure 12-6 for an explanation.

4
Q

What is the correct regular expression syntax for matching a route that originated in AS 300?

a. ^300_
b. $300!
c. _300_
d. _300$

A

D.

Please see Table 12-6 for an explanation.

5
Q

What happens when the route map route-map QUESTION permit 20 does not contain a conditional match statement?

  1. The routes are discarded, and a syslog message is logged.
  2. All routes are discarded.
  3. All routes are accepted.
  4. An error is assigned when linking the route map to a BGP peer.
A

3.

All routes are accepted and processed.

6
Q

What happens to a route that does not match the PrefixRFC1918 prefix list when using the following route map?

route-map QUESTION deny 10
 match ip address prefix-list PrefixRFC1918
route-map QUESTION permit 20
 set metric 200

  1. The route is allowed, and the metric is set to 200.
  2. The route is denied.
  3. The route is allowed.
  4. The route is allowed, and the default metric is set to 100.
A

1

Because the route does not match the prefix list, sequence 10 does not apply, and the route moves on to sequence 20 which sets the metric to 200. It is implied that the route proceeds because it was modified.

7
Q

T/F: A BGP AS_Path ACL and a prefix-list can be applied to a neighbor at the same time.

A

True.

A distribute-list and a prefix-list cannot be used at the same time for a neighbor. All other filtering techniques can be combined.

8
Q

Which of the following is not a well-known BGP community?

a. No_Advertise
b. Internet
c. No_Export
d. Private_Route

A

D.

The other three are well-known communities.

9
Q

Which of the following techniques is the second selection criterion for the BGP best path?

  1. Weight
  2. Local preference
  3. Origin
  4. MED
A

2. Local preference is the second selection criterion for the BGP best path.

How the Best Path Algorithm Works

  1. Prefer the path with the highest WEIGHT.
    • Note: WEIGHT is a Cisco-specific parameter. It is local to the router on which it is configured.
  2. Prefer the path with the highest LOCAL_PREF.
  3. Prefer the path that was locally originated via a network or aggregate BGP subcommand or through redistribution from an IGP.
  4. Prefer the path with the shortest AS_PATH.
      • An AS_SET counts as 1, no matter how many ASs are in the set.
  5. Prefer the path with the lowest multi-exit discriminator (MED).
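As an added example (not code from the page or from the book chapter it summarizes), the five steps above modeled in Python as successive elimination. The Path class, the best_paths function and the sample paths are constructed for this illustration; the MED step applies the default rule, stated in the next card, that MED is only compared among paths received from the same neighboring AS.

```python
# Added example: BGP best-path steps 1-5 as successive elimination.
# Path attributes are constructed sample data, not output from a real router.
from dataclasses import dataclass, field


@dataclass
class Path:
    name: str
    weight: int = 0              # Cisco-specific, local to this router
    local_pref: int = 100
    locally_originated: bool = False
    as_path: list = field(default_factory=list)   # ints, or a set for an AS_SET
    med: int = 0

    def as_path_len(self):
        # An AS_SET counts as 1 regardless of how many ASs it contains.
        return len(self.as_path)

    def neighbor_as(self):
        # First AS in the path (the neighboring AS); None if locally originated.
        if not self.as_path:
            return None
        first = self.as_path[0]
        return frozenset(first) if isinstance(first, set) else first


def _keep(cands, key, highest):
    """Keep only the candidates whose key is the best (highest or lowest)."""
    best = (max if highest else min)(key(p) for p in cands)
    return [p for p in cands if key(p) == best]


def best_paths(paths):
    """Apply steps 1-5 in order; returns the survivors (one path if a winner is found)."""
    cands = list(paths)
    cands = _keep(cands, lambda p: p.weight, highest=True)              # 1. highest WEIGHT
    if len(cands) > 1:
        cands = _keep(cands, lambda p: p.local_pref, highest=True)      # 2. highest LOCAL_PREF
    if len(cands) > 1 and any(p.locally_originated for p in cands):
        cands = [p for p in cands if p.locally_originated]               # 3. locally originated
    if len(cands) > 1:
        cands = _keep(cands, lambda p: p.as_path_len(), highest=False)  # 4. shortest AS_PATH
    if len(cands) > 1 and len({p.neighbor_as() for p in cands}) == 1:
        cands = _keep(cands, lambda p: p.med, highest=False)            # 5. lowest MED, same neighbor AS only
    return cands


# Constructed sample: three paths to the same prefix.
SAMPLE = [
    Path("via-SP1", local_pref=100, as_path=[100, 200], med=50),
    Path("via-SP2", local_pref=200, as_path=[300, 200, 400], med=10),
    Path("via-SP3", local_pref=200, as_path=[300, {500, 600}], med=20),
]

if __name__ == "__main__":
    # via-SP1 loses on LOCAL_PREF; via-SP2 loses on AS_PATH length because
    # the AS_SET {500, 600} in via-SP3 counts as a single hop.
    print([p.name for p in best_paths(SAMPLE)])
```

The sample is chosen so that the AS_SET rule decides: via-SP2 has three ASs while via-SP3 has two elements, one of which is an AS_SET, so via-SP3 wins despite listing more ASs in total.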
10
Q

T/F: For MED to be used as a selection criterion, the routes must come from different autonomous systems.

A

False.

For MED to be used, the routes must come from the same AS. By default, MED is compared only between paths received from the same neighboring AS (the first AS in the AS_Path).

11
Q

T/F: If an enterprise uses BGP to connect with more than one service provider, it runs the risk of its autonomous system (AS) becoming a transit AS.

A

True.

12
Q

In Figure 12-2, AS 500 is connecting to two different service providers (SP3 and SP4) for resiliency. Problems can arise if R1 and R2 use the ________________.

A

Problems can arise if R1 and R2 use the default BGP routing policy.

A user that connects to SP3 (AS 300) routes through the enterprise network (AS 500) to reach a server that attaches to SP4 (AS 400). SP3 receives the 100.64.1.0/24 prefix from AS 100 and AS 500. SP3 selects the path through AS 500 because the AS_Path is much shorter than going through SP1 and SP2’s networks.

The AS 500 network is providing transit routing to everyone on the Internet, which can saturate AS 500’s peering links. In addition to causing problems for the users in AS 500, this situation has an impact on traffic from the users that are trying to traverse AS 500.

13
Q

How can the problem of transit routing be avoided?

A

Transit routing can be avoided by applying outbound BGP route policies that only allow for local BGP routes to be advertised to other autonomous systems.

14
Q

What is asymmetric forwarding?

A

Asymmetric forwarding occurs when traffic uses a different path in each direction. This makes troubleshooting difficult.

Symmetric forwarding (traffic follows the same path in both directions) simplifies troubleshooting; with asymmetric forwarding (a different path for each direction) the full path has to be discovered separately in both directions.

15
Q

What is meant by a ‘deterministic’ path?

A

The path is considered deterministic when the flow between sites is predetermined and predictable.

16
Q

T/F: Multihomed environments should be configured so that branch routers cannot act as transit routers.

A

True.

Multihomed environments should be configured so that branch routers cannot act as transit routers.

In most designs, transit routing of traffic from another branch is undesirable, as WAN bandwidth may not be sized accordingly. Transit routing can be avoided by configuring outbound route filtering at each branch site. In essence, the branch sites do not advertise what they learn from the WAN but advertise only networks that face the LAN. If transit behavior is required, it is restricted to the data centers or specific locations as follows:

  • Proper routing design can accommodate outages.
  • Bandwidth can be sized accordingly.
  • The routing pattern is bidirectional and predictable.
17
Q

What are the ranges for Standard and Extended ACLs?

A
  • Standard ACLs use a numbered entry 1–99, 1300–1999, or a named ACL.
  • Extended ACLs use a numbered entry 100–199, 2000–2699, or a named ACL.

Named ACLs provide relevance to the functionality of the ACL, can be used with standard or extended ACLs, and are generally preferred.

18
Q

What is the process for defining a standard ACL? Hint: there are two steps…

A

This is the process for defining a standard ACL:

  1. Define the ACL by using the command:
    • ip access-list standard {acl-number | acl-name} This puts the CLI in ACL configuration mode.
  2. Configure the specific ACE entry with the command:
    • [sequence] {permit | deny } source source-wildcard.
    • In lieu of using source source-wildcard, the keyword any replaces 0.0.0.0 0.0.0.0, and use of the host keyword refers to a /32 IP address so that the source-wildcard can be omitted.
19
Q

What are the steps to define an extended ACL? Hint: there are two steps…

A

The following is the process for defining an extended ACL:

  1. Define the ACL by using the command:
    • ip access-list extended {acl-number | acl-name} and placing the CLI in ACL configuration mode.
  2. Configure the specific ACE entry with the command:
    • [sequence] {permit | deny} protocol source source-wildcard destination destination-wildcard. The behavior for selecting a network prefix with an extended ACL varies depending on whether the protocol is an IGP (EIGRP, OSPF, or IS-IS) or BGP.
20
Q

T/F: When ACLs are used for IGP network selection, the source fields of the ACL are used to identify the network, and the destination fields identify the smallest prefix length allowed in the network range.

A

True.

Table 12-3 provides sample ACL entries from within the ACL configuration mode and specifies the networks that would match with the extended ACL. Notice that the subtle difference in the destination wildcard for the 172.16.0.0 network affects the network ranges that are permitted in the second and third rows of the table.

Note: 172.16.0.0 with the mask 255.240.0.0 is the RFC 1918 172.16.0.0/12 range, 172.16.0.0 - 172.31.255.255.

21
Q

T/F: Extended ACLs react differently when matching BGP routes than when matching IGP routes.

A

Extended ACLs react differently when matching BGP routes than when matching IGP routes. The source fields match against the network portion of the route, and the destination fields match against the network mask, as shown in Figure 12-5. Until the introduction of prefix lists, extended ACLs were the only match criteria used with BGP.

22
Q

Extended ACL for BGP Route Selection. Write the ACLs to match the following four examples:

  1. Permits only the 10.0.0.0/16 network
  2. Permits any 10.0.x.0 network with a /24 prefix length
  3. Permits any 172.16.x.x network with a /24 to /32 prefix length
  4. Permits any 172.16.x.x network with a /25 to /32 prefix length
A

Remember that extended ACLs react differently when matching BGP routes than when matching IGP routes. The source fields match against the network portion of the route, and the destination fields match against the network mask, as shown in Figure 12-5. Until the introduction of prefix lists, extended ACLs were the only match criteria used with BGP.

  1. permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0
  2. permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0
  3. permit ip 172.16.0.0 0.0.255.255 255.255.255.0 0.0.0.255
  4. permit ip 172.16.0.0 0.0.255.255 255.255.255.128 0.0.0.127
23
Q

Extended IGP ACL for IGP route selection. Write the ACLs to match the following requirements:

  1. Permits all networks
  2. Permits all networks in the 172.16.0.0/12 range
  3. Permits all networks in the 172.16.0.0/16 range
  4. Permits only the 192.168.1.1/32 network
A

When ACLS are used for IGP network selection, the source fields of the ACL are used to identify the network, and the destination fields identify the smallest prefix length allowed in the network range.

  1. permit ip any any
  2. permit ip host 172.16.0.0 host 255.240.0.0
  3. permit ip host 172.16.0.0 host 255.255.0.0
  4. permit ip host 192.168.1.1 host 255.255.255.255
24
Q

What is Prefix-list Matching?

A

Prefix lists provide another method of identifying networks in a routing protocol.

A prefix list identifies a specific IP address, network, or network range and allows for the selection of multiple networks with a variety of prefix lengths by using a prefix match specification.

Many network engineers prefer this over the ACL network selection method.

25
Q

T/F: A prefix match specification contains two parts: a high-order bit pattern and a high-order bit count, which determines the high-order bits in the bit pattern that are to be matched.

A

True.

Some documentation refers to the high-order bit pattern as the address or network and the high-order bit count as the length or mask length.

In Figure 12-6, the prefix match specification has the high-order bit pattern 192.168.0.0 and the high-order bit count 16. The high-order bit pattern has been converted to binary to demonstrate where the high-order bit count lies. Because there are not additional matching length parameters included, the high-order bit count is an exact match.

26
Q

Which of the following matches 10.168.0.0/13 ge 24

  1. 10.168.0.0/13
  2. 10.168.0.0/24
  3. 10.173.1.0/28
  4. 10.104.0.0/24
A

2&3 are correct. 10.168.0.0/24 and 10.173.1.0/28 meet the criteria.

Figure 12-7 demonstrates the prefix match specification with the high-order bit pattern 10.168.0.0 and high-order bit count 13; the matching length of the prefix must be greater than or equal to 24.

The 10.168.0.0/13 prefix does not meet the matching length parameter because the prefix length is less than the minimum of 24 bits, whereas the 10.168.0.0/24 prefix does meet the matching length parameter. The 10.173.1.0/28 prefix qualifies because the first 13 bits match the high-order bit pattern, and the prefix length is within the matching length parameter. The 10.104.0.0/24 prefix does not qualify because the high-order bit pattern does not match within the high-order bit count.

27
Q

Which of the following match 10.0.0.0/8 ge 22 le 26?

  1. 10.0.0.0/8
  2. 10.0.0.0/24
  3. 10.0.0.0/30
A

2. 10.0.0.0/24

The 10.0.0.0/8 prefix does not match because the prefix length is too short. The 10.0.0.0/24 network qualifies because the bit pattern matches and the prefix length is between 22 and 26. The 10.0.0.0/30 prefix does not match because the prefix length is too long. Any prefix that starts with 10 in the first octet and has a prefix length between 22 and 26 will match.

28
Q

T/F: Matching to a specific prefix length that is higher than the high-order bit count requires that the ge-value and le-value match.

A

True.

To match one specific prefix length that is longer than the high-order bit count, set the ge-value and the le-value to that same length (for example, ge 24 le 24 matches only /24 prefixes inside the pattern). In general both bounds must hold, as in a logical AND.

e.g.

10.0.0.0/8 ge 16 le 24 will match all prefixes within the 10.0.0.0/8 network having a length a) greater than or equal to 16 bits and b) less than or equal to 24 bits. For instance, 10.42.0.0/18 is matched because its length is between 16 and 24 (inclusive), but neither 10.16.0.0/12 nor 10.123.77.128/25 is matched.

29
Q

T/F: Prefix lists can contain only one prefix matching specification entries that contain a permit or deny action.

A

False.

Prefix lists can contain multiple prefix matching specification entries that contain a permit or deny action.

Prefix lists process in sequential order in a top-down fashion, and the first prefix match processes with the appropriate permit or deny action.

30
Q

T/F: Prefix lists can be resequenced, just like ACLs

A

False.

Because prefix lists cannot be resequenced, it is advisable to leave enough space for insertion of sequence numbers at a later time.

If a sequence is not provided, the sequence number auto-increments by 5, based on the highest sequence number. The first entry is 5. Sequencing enables the deletion of a specific entry.

31
Q

What is the command to configure a prefix-list?

A

Prefix lists are configured with the global configuration command:

ip prefix-list prefix-list-name [seq sequence-number] {permit | deny} high-order-bit-pattern/high-order-bit-count [ge ge-value] [le le-value].

32
Q

T/F: In a prefix list this equation applies.

high-order bit count < ge-value <= le-value

A

True.

IOS and IOS XE require that the ge-value be greater than the high-order bit count and that the le-value be greater than or equal to the ge-value.

33
Q

What is permitted by this prefix list? (go line by line to analyze)

  • ip prefix-list RFC1918 seq 5 permit 192.168.0.0/13 ge 32
  • ip prefix-list RFC1918 seq 10 deny 0.0.0.0/0 ge 32
  • ip prefix-list RFC1918 seq 15 permit 10.0.0.0/7 ge 8
  • ip prefix-list RFC1918 seq 20 permit 172.16.0.0/11 ge 12
  • ip prefix-list RFC1918 seq 25 permit 192.168.0.0/15 ge 16
A
  • Sequence 5 permits all /32 prefixes in the 192.168.0.0/13 bit pattern.
  • Sequence 10 denies all /32 prefixes in any bit pattern.
  • Sequences 15, 20, and 25 permit routes in the appropriate private network ranges.
  • The sequence order is important for the first two entries to ensure that only /32 prefixes exist in the 192.168.0.0 network in the prefix list.
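The matching rules from the last several cards (top-down first match, implicit deny, ge/le bounds, the bit-count < ge <= le constraint) as an added Python example; it is not code from the page or the book. parse_prefix_list, entry_matches, evaluate and is_valid_entry are names chosen here, and the RFC1918 list is the one from this card. It also shows a caveat worth knowing before deploying that list inbound: the /7, /11 and /15 patterns, chosen so that ge can exceed the bit count, also admit 11.0.0.0/8, 172.0.0.0/12 and 192.169.0.0/16, which a le 32 form on the exact RFC 1918 blocks does not.

```python
# Added example: an IOS-style prefix-list evaluator. Lines use the syntax from the page;
# the rules implemented are the ones stated there: top-down first match, implicit deny,
# "ge" alone implies "le 32", and the constraint high-order-bit-count < ge <= le.
import ipaddress


def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] {permit|deny} A.B.C.D/L [ge G] [le L]' lines.
    Missing sequence numbers auto-increment by 5 from the highest, starting at 5."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            raise ValueError("not a prefix-list line: " + line)
        i, seq = 3, None
        if tok[i] == "seq":
            seq, i = int(tok[i + 1]), i + 2
        action, pattern = tok[i], ipaddress.ip_network(tok[i + 1], strict=False)
        ge = le = None
        for kw, val in zip(tok[i + 2::2], tok[i + 3::2]):
            if kw == "ge":
                ge = int(val)
            elif kw == "le":
                le = int(val)
        bits = pattern.prefixlen
        # IOS/IOS XE reject an entry unless bits < ge <= le for each bound that is given.
        if ge is not None and ge <= bits:
            raise ValueError("ge-value must exceed the high-order bit count: " + line)
        if le is not None and (le <= bits or (ge is not None and le < ge)):
            raise ValueError("le-value must be >= ge-value and exceed the bit count: " + line)
        if seq is None:
            seq = max([e["seq"] for e in entries], default=0) + 5
        lo = ge if ge is not None else bits
        hi = le if le is not None else (pattern.max_prefixlen if ge is not None else bits)
        entries.append({"seq": seq, "action": action, "pattern": pattern, "lo": lo, "hi": hi})
    return sorted(entries, key=lambda e: e["seq"])


def entry_matches(entry, net):
    """The first <bit-count> bits must agree and the prefix length must fall in [lo, hi]."""
    bits = entry["pattern"].prefixlen
    shift = net.max_prefixlen - bits
    same_bits = (int(net.network_address) >> shift) == (int(entry["pattern"].network_address) >> shift)
    return same_bits and entry["lo"] <= net.prefixlen <= entry["hi"]


def evaluate(entries, prefix):
    """Return (action, seq) of the first matching entry, or ('deny', None) for the implicit deny."""
    net = ipaddress.ip_network(prefix, strict=False)
    for e in entries:
        if entry_matches(e, net):
            return e["action"], e["seq"]
    return "deny", None


def is_valid_entry(line):
    """True if IOS would accept the entry's ge/le values."""
    try:
        parse_prefix_list([line])
        return True
    except ValueError:
        return False


# The RFC1918 list from the card above, verbatim.
RFC1918 = parse_prefix_list([
    "ip prefix-list RFC1918 seq 5 permit 192.168.0.0/13 ge 32",
    "ip prefix-list RFC1918 seq 10 deny 0.0.0.0/0 ge 32",
    "ip prefix-list RFC1918 seq 15 permit 10.0.0.0/7 ge 8",
    "ip prefix-list RFC1918 seq 20 permit 172.16.0.0/11 ge 12",
    "ip prefix-list RFC1918 seq 25 permit 192.168.0.0/15 ge 16",
])

# A tighter alternative: "le 32" on the exact RFC 1918 blocks avoids the /7, /11 and /15
# patterns, which also admit 11.0.0.0/8, 172.0.0.0/12 and 192.169.0.0/16.
RFC1918_TIGHT = parse_prefix_list([
    "ip prefix-list RFC1918-TIGHT permit 10.0.0.0/8 le 32",
    "ip prefix-list RFC1918-TIGHT permit 172.16.0.0/12 le 32",
    "ip prefix-list RFC1918-TIGHT permit 192.168.0.0/16 le 32",
])

if __name__ == "__main__":
    for p in ["192.168.1.1/32", "10.1.1.1/32", "10.0.0.0/8", "11.0.0.0/8", "8.8.8.0/24"]:
        print(p, evaluate(RFC1918, p), evaluate(RFC1918_TIGHT, p))
```

Inbound from an untrusted peer, an over-wide permit accepts prefixes you never intended to carry; running candidate prefixes through an evaluator like this before applying a list is a cheap check.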
34
Q

What is the command to configure an IPv6 prefix-list?

A

IPv6 prefix lists are configured with the global configuration command:

  • ipv6 prefix-list prefix-list-name [seq sequence-number] {permit | deny} high-order-bit-pattern/high-order-bit-count [ge ge-value] [le le-value].

Exactly the same syntax as IPv4, apart from the ipv6 keyword.

35
Q

What is the command to parse the LOC-RIB BGP table using a regular expression?

A

Regular expressions (regex) are used to parse through the large number of available ASNs (4,294,967,295). Regular expressions are based on query modifiers used to select the appropriate content. The BGP table can be parsed with regex by using the command

  • show bgp afi safi regexp regex-pattern.
36
Q

What are the REGEX commands for the following:

  1. Matches a space
  2. Indicates the start of a string
  3. Indicates the end of a string
  4. Matches a single character or nesting within a range
  5. Indicates a range of numbers in brackets
  6. Excludes the characters listed in brackets
  7. Used for nesting of search patterns
  8. Provides OR functionality to the query
  9. Matches a single character, including a space
  10. Matches zero or more characters or patterns
  11. Matches one or more instances of the character or pattern
  12. Matches one or no instances of the character or pattern
A
  1. _ (underscore)
  2. ^ (caret)
  3. $ (dollar sign)
  4. [] (brackets)
  5. - (hyphen)
  6. [^] (caret in brackets)
  7. () (parentheses)
  8. | (pipe)
  9. . (period)
  10. * (asterisk)
  11. + (plus sign)
  12. ? (question mark)
37
Q

What is a looking glass?

A

Hands-on experience is helpful when learning technologies such as regex. There are public servers called looking glasses that allow users to log in and view BGP tables. Most of these devices are Cisco routers, but some are from other vendors. These servers allow network engineers to see if they are advertising their routes to the Internet as they had intended and provide a great method to try out regular expressions on the Internet BGP table.

A quick search on the Internet will provide website listings of looking glass and route servers. We suggest http://www.bgp4.as.

38
Q

Draw the BGP Route Processing Policy Flow chart.

A

This will take many iterations but will embed the flow into your brain.

Figure 12-9 shows the complete BGP route processing logic. Notice that the routing policies occur on inbound route receipt and outbound route advertisement.

39
Q

IOS XE provides four methods of filtering routes inbound or outbound for a specific BGP peer. What are they?

A

These methods can be used individually or simultaneously with other methods:

  1. Distribute list: A distribute list involves the filtering of network prefixes based on a standard or extended ACL. An implicit deny is associated with any prefix that is not permitted.
  2. Prefix list: A list of prefix-matching specifications permit or deny network prefixes in a top-down fashion, similar to an ACL. An implicit deny is associated with any prefix that is not permitted.
  3. AS path/ACL/regex filtering: A list of regex commands allows for the permit or deny of a network prefix based on the current AS path values. An implicit deny is associated with any prefix that is not permitted.
  4. Route maps: Route maps provide a method of conditional matching on a variety of prefix attributes and taking a variety of actions. Actions could be a simple permit or deny; or could include the modification of BGP path attributes. An implicit deny is associated with any prefix that is not permitted.
40
Q

T/F: A BGP neighbor can use a distribute list and prefix list at the same time for receiving or advertising routes.

A

False.

A BGP neighbor cannot use a distribute list and prefix list at the same time for receiving or advertising routes.

41
Q

Distribute lists allow the filtering of network prefixes on a neighbor-by-neighbor basis, using ______________________.

A

Distribute lists allow the filtering of network prefixes on a neighbor-by-neighbor basis, using standard or extended ACLs.

42
Q

What command will configure a BGP distribute list to filter traffic for a peer?

A

Configuring a distribute list requires using the BGP address-family configuration command:

  • neighbor ip-address distribute-list {acl-number | acl-name} {in|out}.

Remember that extended ACLs for BGP use the source fields to match the network portion and the destination fields to match against the network mask.

43
Q

Which networks does the following config snippet from R1 allow? and to whom?

R1
ip access-list extended ACL-ALLOW
 permit ip 192.168.0.0 0.0.255.255 host 255.255.255.255
 permit ip 100.64.0.0 0.0.255.0 host 255.255.255.128
!
router bgp 65100
 address-family ipv4
  neighbor 10.12.1.2 distribute-list ACL-ALLOW in

A

R1’s BGP configuration demonstrates filtering with distribute lists.

Remember that distribute lists allow the filtering of network prefixes on a neighbor-by-neighbor basis, using standard or extended ACLs.

The configuration on R1 uses an extended ACL named ACL-ALLOW that contains two entries.

  • The first entry allows any network in the 192.168.0.0 to 192.168.255.255 range, but only with a /32 prefix length: the destination field host 255.255.255.255 requires an exact match on the subnet mask.
  • The second entry allows networks that match the 100.64.x.0 pattern with a prefix length of exactly /25. This demonstrates the wildcard abilities of an extended ACL with BGP.
  • The distribute list is then associated with R2’s BGP session.
44
Q

Which of the following are allowed by the distribute list to be injected into the BGP Loc-RIB table?

  1. 10.12.1.0/24 (local route, directly connected)
  2. 192.168.1.1/32 (local route, directly connected)
  3. 192.168.2.2/32
  4. 192.168.3.3/32
  5. 100.64.2.0/25
  6. 100.64.3.0/25
  7. 100.64.2.192/26

R1
ip access-list extended ACL-ALLOW
 permit ip 192.168.0.0 0.0.255.255 host 255.255.255.255
 permit ip 100.64.0.0 0.0.255.0 host 255.255.255.128
!
router bgp 65100
 address-family ipv4
  neighbor 10.12.1.2 distribute-list ACL-ALLOW in

A

See attached diagram of Example 12-10 that displays the routing table of R1. This shows what has been accepted.

  • Two local routes are injected into the BGP table by R1 (10.12.1.0/24 and 192.168.1.1/32).
  • The two loopback networks from R2 (AS 65200) and R3 (AS 65300) are allowed because they are within the first ACL-ALLOW entry
  • Two of the networks in the 100.64.x.0 pattern (100.64.2.0/25 and 100.64.3.0/25) are accepted.
  • The 100.64.2.192/26 network is rejected because the prefix length does not match the second ACL-ALLOW entry.
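Added Python example (not code from the page or the book) covering this card and the earlier "Extended ACL for BGP Route Selection" card: the BGP matching semantics for extended ACLs, with the source fields tested against the network and the destination fields against the subnet mask, followed by distribute-list evaluation with the implicit deny. parse_ace, ace_matches_bgp and distribute_list are names chosen here; the ACL lines are the ones from the cards and the candidate routes are constructed.

```python
# Added example: extended-ACL matching with the BGP semantics described on this page
# (source/wildcard tested against the route's network, destination/wildcard against
# its subnet mask) plus top-down, implicit-deny distribute-list evaluation.
# ACL lines are the ones from the cards; the candidate routes are constructed.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def parse_ace(line):
    """Parse 'permit|deny ip SRC SRC-WC DST DST-WC' with 'any' / 'host X' shorthand."""
    tok = line.split()
    action, rest = tok[0], tok[2:]          # tok[1] is the protocol keyword ("ip")
    fields, i = [], 0
    while i < len(rest):
        if rest[i] == "any":                # any == 0.0.0.0 255.255.255.255
            fields.append((0, ALL_ONES)); i += 1
        elif rest[i] == "host":             # host X == X 0.0.0.0
            fields.append((_ip(rest[i + 1]), 0)); i += 2
        else:
            fields.append((_ip(rest[i]), _ip(rest[i + 1]))); i += 2
    (net, net_wc), (mask, mask_wc) = fields
    return {"action": action, "net": net, "net_wc": net_wc, "mask": mask, "mask_wc": mask_wc}


def _wildcard_match(value, base, wc):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    return (value & ~wc & ALL_ONES) == (base & ~wc & ALL_ONES)


def ace_matches_bgp(ace, prefix):
    """BGP semantics: source fields vs network portion, destination fields vs subnet mask."""
    net = ipaddress.ip_network(prefix, strict=False)
    return (_wildcard_match(int(net.network_address), ace["net"], ace["net_wc"])
            and _wildcard_match(int(net.netmask), ace["mask"], ace["mask_wc"]))


def distribute_list(acl_lines, prefix):
    """First matching ACE decides; a route matching no ACE hits the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace_matches_bgp(ace, prefix):
            return ace["action"]
    return "deny"


# The four entries from the "Extended ACL for BGP Route Selection" card.
ONLY_10_0_SLASH16 = ["permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0"]
ANY_10_0_X_SLASH24 = ["permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0"]
ANY_172_16_24_TO_32 = ["permit ip 172.16.0.0 0.0.255.255 255.255.255.0 0.0.0.255"]
ANY_172_16_25_TO_32 = ["permit ip 172.16.0.0 0.0.255.255 255.255.255.128 0.0.0.127"]

# ACL-ALLOW from R1's distribute-list example above.
ACL_ALLOW = [
    "permit ip 192.168.0.0 0.0.255.255 host 255.255.255.255",
    "permit ip 100.64.0.0 0.0.255.0 host 255.255.255.128",
]

if __name__ == "__main__":
    for p in ["192.168.2.2/32", "192.168.2.0/24", "100.64.2.0/25", "100.64.2.192/26"]:
        print(p, distribute_list(ACL_ALLOW, p))
```

Note that 100.64.2.128/25 is also rejected by ACL-ALLOW: the source wildcard 0.0.255.0 fixes the last octet of the network at 0, so only the 100.64.x.0/25 half of each /24 is admitted.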
45
Q

What can you use a prefix-list filter for?

A

Prefix lists allow the filtering of network prefixes on a neighbor-by-neighbor basis, in either the in or the out direction.

46
Q

What is the command to apply an existing prefix-list to a BGP neighbor? and under what context is it configured?

A

Configuring a prefix list involves using the BGP address family configuration command:

  • neighbor ip-address prefix-list prefix-list-name {in | out}

or indirectly through a route map that references the prefix list, which also allows additional path attributes to be set:

  • neighbor ip-address route-map route-map-name {in | out}

e.g.

ip prefix-list BGP-OUT-AWS seq 1 permit 10.1.11.0/24
ip prefix-list BGP-OUT-AWS seq 2 permit 10.1.13.0/24
etc…
!
route-map BGP-OUT-AWS permit 10
 match ip address prefix-list BGP-OUT-AWS
!
route-map BGP-IN-AWS permit 10
!
(under router bgp, address-family ipv4 unicast)
 neighbor 169.254.9.189 route-map BGP-IN-AWS in
 neighbor 169.254.9.189 route-map BGP-OUT-AWS out

Note that BGP-IN-AWS has no match statement, so it permits every inbound route unmodified.
47
Q

What will the following sequence of commands permit?

R1# configure terminal
R1(config)# ip prefix-list RFC1918 seq 15 permit 10.0.0.0/7 ge 8
R1(config)# ip prefix-list RFC1918 seq 20 permit 172.16.0.0/11 ge 12
R1(config)# ip prefix-list RFC1918 seq 25 permit 192.168.0.0/15 ge 16
R1(config)# router bgp 65100
R1(config-router)# address-family ipv4 unicast
R1(config-router-af)# neighbor 10.12.1.2 prefix-list RFC1918 in

A

This accepts only routes from 10.12.1.2 that fall inside the RFC 1918 patterns; everything else hits the implicit deny. Note that the /7, /11 and /15 patterns are slightly wider than the RFC 1918 blocks (they also admit, for example, 11.0.0.0/8 and 192.169.0.0/16).

48
Q

T/F: AS_Path filtering uses regular expressions.

A

True.

Selecting routes from a BGP neighbor by using the AS path requires the definition of an AS path access control list (AS path ACL). Regular expressions, introduced earlier in this chapter, are a component of AS_Path filtering.

49
Q

What is the command to create an AS_Path ACL? Hint: they are two separate command words.

and the command to apply it?

A

The command to create an AS path ACL is:

  • ip as-path access-list acl-number {deny | permit} regex-query

The ACL is then applied with the command:

  • neighbor ip-address filter-list acl-number {in|out}.
50
Q

What does the following code snippet accomplish?

R2
ip as-path access-list 1 permit ^$
!
router bgp 65200
 address-family ipv4 unicast
  neighbor 10.12.1.1 filter-list 1 out
  neighbor 10.23.1.3 filter-list 1 out

A

This snippet of configuration on R2 uses an AS path ACL to restrict the routes R2 advertises to only those it originated locally, using the regex pattern ^$ (an empty AS_Path). To ensure completeness, the AS path ACL is applied outbound on all eBGP neighborships, which is what prevents AS 65200 from becoming a transit AS.

The regex “^$” translates to “locally originated routes”.
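Added Python example (not code from the page or the book) for the AS_PATH regex question, the regex table and this filter-list: IOS patterns evaluated with Python's re module, the only translation being the IOS "_" character, plus top-down filter-list processing with the implicit deny. cisco_regex, as_path_matches and filter_list are names chosen here, and the AS paths are constructed strings.

```python
# Added example: Cisco-style AS_PATH regex evaluation and AS path ACL (filter-list)
# processing. The only translation needed for Python's re module is the IOS "_"
# character, which matches a space, comma, brace, or the start/end of the path.
# The AS paths tested are constructed strings in "show ip bgp" order (nearest AS first).
import re


def cisco_regex(pattern):
    """Compile an IOS AS_PATH regex for Python's re module."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}])"))


def as_path_matches(pattern, as_path):
    return cisco_regex(pattern).search(as_path) is not None


def filter_list(as_path_acl, as_path):
    """as_path_acl: ordered (action, regex) pairs; first match wins, implicit deny."""
    for action, pattern in as_path_acl:
        if as_path_matches(pattern, as_path):
            return action
    return "deny"


# The patterns from the regex question and from R2's anti-transit filter above.
ORIGINATED_IN_300 = "_300$"      # 300 is the last (originating) AS
VIA_NEIGHBOR_300 = "^300_"       # 300 is the first (directly peered) AS
TRANSITED_300 = "_300_"          # 300 appears anywhere in the path
LOCALLY_ORIGINATED = "^$"        # empty AS_PATH
LOCAL_ONLY_ACL = [("permit", LOCALLY_ORIGINATED)]   # ip as-path access-list 1 permit ^$

if __name__ == "__main__":
    for path in ["", "300", "100 200 300", "300 400", "100 3000", "100 {300 400}"]:
        print(repr(path), "originated-in-300:", as_path_matches(ORIGINATED_IN_300, path),
              "filter-list-1:", filter_list(LOCAL_ONLY_ACL, path))
```

The "100 3000" case is why "_" matters: a plain "300$" would match AS 3000 as well, which is exactly the kind of over-match that lets an unintended prefix through a filter.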

51
Q

T/F: Route maps can be used to manipulate BGP Path Attributes and can be applied to both in/out directions with different maps.

A

True.

52
Q

What is the command to associate a route map to a BGP neighbor?

A

The route map is associated with the BGP neighbor (under the specific address family) with the command:

  • neighbor ip-address route-map route-map-name {in|out}
53
Q

Extra difficult! Write the code for two prefix lists and one route-map to accomplish the following criteria. The neighbor to be filtered is 10.12.1.1, and use these names:

  • prefix-list FIRST-RFC1918
  • prefix-list SECOND-CGNAT
  • route-map AS65200IN
  1. Deny any routes that are in the 192.168.0.0/16 network by using a prefix list.
  2. Match (permit) any routes originating from AS 65200 that are within the 100.64.0.0/10 network range and set the BGP local preference to 222.
  3. Match any routes originating from AS 65200 that did not match step 2 and set the BGP weight to 65200.
  4. Permit all other routes to process.
A

Route maps allow for multiple steps in processing as well. To demonstrate this concept, the route map consists of four sequences:

R1
ip prefix-list FIRST-RFC1918 permit 192.168.0.0/15 ge 16
!
ip as-path access-list 1 permit _65200$
!
ip prefix-list SECOND-CGNAT permit 100.64.0.0/10 ge 11
!
route-map AS65200IN deny 10
 description Deny any RFC1918 networks via Prefix List Matching
 match ip address prefix-list FIRST-RFC1918
!
route-map AS65200IN permit 20
 description Change local preference for AS65200 originate route in 100.64.x.x/10
 match ip address prefix-list SECOND-CGNAT
 match as-path 1
 set local-preference 222
!
route-map AS65200IN permit 30
 description Change the weight for AS65200 originate routes
 match as-path 1
 set weight 65200
!
route-map AS65200IN permit 40
 description Permit all other routes un-modified (blank implies match all)
!
router bgp 65100
 address-family ipv4 unicast
  neighbor 10.12.1.1 route-map AS65200IN in

Two points worth checking before applying this: the two match statements in sequence 20 must both be true (logical AND), and a route that matches sequence 20 stops there, so sequence 30 only sees AS 65200 routes outside 100.64.0.0/10. Also note that the pattern 192.168.0.0/15 ge 16 covers 192.169.0.0/16 as well as 192.168.0.0/16; if only 192.168.0.0/16 is to be denied, use 192.168.0.0/16 le 32 instead.
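Added Python example (not code from the page or the book) of the route-map processing rules used in this answer and in the two earlier route-map QUESTION cards: sequences tried in order, all match clauses ANDed, a sequence without a match clause matching everything, set clauses applied only by the first matching permit sequence, and the implicit deny at the end. Route, run_route_map and process_route are names chosen here; the predicates stand in for the prefix lists and the AS path ACL, and because PrefixRFC1918 is never shown on the page its contents are an assumption.

```python
# Added example: a route-map engine following the processing rules stated on these cards.
# Match clauses are Python predicates that stand in for the prefix lists and the AS path
# ACL; Route, run_route_map and the sample routes are constructed for this example.
import ipaddress
import re


class Route:
    def __init__(self, prefix, as_path):
        self.net = ipaddress.ip_network(prefix, strict=False)
        self.as_path = as_path          # "show ip bgp" order: nearest AS first, originator last
        self.local_pref = 100           # IOS default
        self.weight = 0
        self.metric = None


def run_route_map(route_map, route):
    """route_map: list of (seq, action, [predicates], {attribute: value}), in order.
    Every predicate in a sequence must be true (logical AND); an empty list matches all.
    The first matching sequence decides; set clauses apply only on permit.
    Returns (action, seq); ('deny', None) is the implicit deny after the last sequence."""
    for seq, action, matches, sets in route_map:
        if all(m(route) for m in matches):
            if action == "permit":
                for attr, value in sets.items():
                    setattr(route, attr, value)
            return action, seq
    return "deny", None


def prefix_entry(pattern, ge):
    """One prefix-list entry: route lies inside pattern and is at least ge bits long
    (ge equal to the bit count behaves like 'le 32')."""
    net = ipaddress.ip_network(pattern, strict=False)
    return lambda r: r.net.subnet_of(net) and r.net.prefixlen >= ge


def any_entry(entries):
    """A prefix list with several permit entries matches when any entry matches."""
    return lambda r: any(e(r) for e in entries)


def as_path_acl(pattern):
    """'ip as-path access-list N permit <pattern>', with the IOS '_' translated for re."""
    rx = re.compile(pattern.replace("_", r"(?:^|$|[ ,{}])"))
    return lambda r: rx.search(r.as_path) is not None


# route-map AS65200IN from the answer above, clause for clause.
AS65200IN = [
    (10, "deny",   [prefix_entry("192.168.0.0/15", 16)], {}),
    (20, "permit", [prefix_entry("100.64.0.0/10", 11), as_path_acl("_65200$")], {"local_pref": 222}),
    (30, "permit", [as_path_acl("_65200$")], {"weight": 65200}),
    (40, "permit", [], {}),
]

# route-map QUESTION from the earlier card. PrefixRFC1918 is not shown on the page;
# it is assumed here to permit the three RFC 1918 blocks at any prefix length.
PREFIX_RFC1918 = any_entry([prefix_entry("10.0.0.0/8", 8),
                            prefix_entry("172.16.0.0/12", 12),
                            prefix_entry("192.168.0.0/16", 16)])
QUESTION = [
    (10, "deny",   [PREFIX_RFC1918], {}),
    (20, "permit", [], {"metric": 200}),
]


def process_route(route_map, prefix, as_path):
    """Run one constructed route through a route map; returns (action, seq, route)."""
    route = Route(prefix, as_path)
    action, seq = run_route_map(route_map, route)
    return action, seq, route


if __name__ == "__main__":
    for prefix, path in [("192.168.5.0/24", "65200"), ("100.64.1.0/24", "65200"),
                         ("10.1.1.0/24", "65200"), ("100.64.1.0/24", "65200 65300")]:
        action, seq, r = process_route(AS65200IN, prefix, path)
        print(prefix, path, "->", action, seq, "local_pref", r.local_pref, "weight", r.weight)
```

The 100.64.1.0/24 route from AS 65200 is the case to watch: it gets local preference 222 from sequence 20 and never reaches sequence 30, so its weight stays 0.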

54
Q

T/F: It is considered a best practice to use a different route policy for inbound and outbound prefixes for each BGP neighbor.

A

True.

55
Q

How many methods does BGP allow connections to be cleared with?

A

BGP supports two methods of clearing a BGP session.

  1. The first method is a hard reset, which tears down the BGP session, removes BGP routes from the peer, and is the most disruptive.
  2. The second method is a soft reset, which invalidates the BGP cache and requests a full advertisement from its BGP peer.
56
Q

What is the command to initiate a hard reset? and a soft reset?

A

Routers initiate a hard/soft reset with the command:

  • clear ip bgp ip-address [soft] (soft reset is initiated by using the optional soft keyword).

Note: All of a router’s BGP sessions can be cleared by using an asterisk * in lieu of the peer’s IP address.

57
Q

BGP communities are ____________ BGP attributes.

  1. Well-Known Mandatory
  2. Well-Known Discretionary
  3. Optional Transitive
  4. Optional Non-Transitive
A

3.

Because they are transitive they can traverse from AS to AS.

58
Q

T/F: A BGP community is a 16-bit number that can be included with a route.

A

False.

A BGP community is a 32-bit number that can be included with a route.

A BGP community can be displayed as a full 32-bit number (0–4,294,967,295) or as two 16-bit numbers (0–65535):(0–65535), commonly referred to as new format.

59
Q

What is the format of the AS numbering on a private BGP community?

A

BGP communities provide additional capability for tagging routes and for modifying BGP routing policy on upstream and downstream routers.

Private BGP communities follow a particular convention where the first 16 bits represent the AS of the community origination, and the second 16 bits represent a pattern defined by the originating AS.

A private BGP community pattern can vary from organization to organization, does not need to be registered, and can signify geographic locations for one AS while signifying a method of route advertisement in another AS. Some organizations publish their private BGP community patterns on websites such as http://www.onesc.net/communities/.

60
Q

What is the range of AS numbers for Well-Known communities?

A

RFC 1997 defines a set of global communities (known as well-known communities) that use the community range 4,294,901,760 (0xFFFF0000) to 4,294,967,295 (0xFFFFFFFF).

All routers that are capable of sending/receiving BGP communities must implement well-known communities.

61
Q

Define the following four common well-known communities:

  1. Internet:
  2. No_Advertise:
  3. No_Export:
  4. Local-AS:
A
  1. Internet: This is a standardized community for identifying routes that should be advertised on the Internet. In larger networks that deploy BGP into the core, advertised routes should be advertised to the Internet and should have this community set. This allows for the edge BGP routers to only allow the advertisement of BGP routes with the Internet community to the Internet. Filtering is not automatic but can be done with an outbound route map.
  2. No_Advertise: Routes with this community should not be advertised to any BGP peer (iBGP or eBGP).
  3. No_Export: When a route with this community is received, the route is not advertised to any eBGP peer. Routes with this community can be advertised to iBGP peers.
  4. Local-AS: don’t advertise the prefix outside of the sub-AS (this one is used for BGP confederations).
62
Q

What is the command to enable sending BGP communities to a neighbor?

A

Communities are enabled on a neighbor-by-neighbor basis with the BGP address family configuration command under the neighbor’s address family configuration:

  • neighbor ip-address send-community [standard | extended | both]

If a keyword is not specified, standard communities are sent by default.

63
Q

T/F: IOS and IOS XE routers advertise BGP communities to peers by default.

A

False.

IOS and IOS XE routers do not advertise BGP communities to peers by default.

64
Q

What is the IOS XE command that makes BGP communities display in the new format?

A

IOS XE nodes can display communities in new format, which is easier to read, with the global configuration command:

  • ip bgp-community new-format

Example 12-19 displays the BGP community in decimal format first, followed by the new format.

65
Q

What is the command to view the BGP path attributes, including community information, for network 10.23.1.0/24?

A

show ip bgp 10.23.1.0/24

66
Q

T/F: Conditional matching requires the creation of a community list that shares a similar structure to an ACL, can be standard or expanded, and can be referenced by number or name.

A

True.

67
Q

T/F: Routers always select the path a packet should take by examining the prefix length of a network entry. The path selected for a packet is chosen based on the prefix length, where the longest prefix length is always preferred.

A

True.

Routers always select the path a packet should take by examining the prefix length of a network entry. The path selected for a packet is chosen based on the prefix length, where the longest prefix length is always preferred.

For example, /28 is preferred over /26, and /26 is preferred over /24.

68
Q

T/F: A BGP route table may contain multiple paths to the same destination network.

A

True.

In BGP, route advertisements consist of Network Layer Reachability Information (NLRI) and path attributes (PAs). The NLRI consists of the network prefix and prefix length, and the BGP attributes such as AS_Path, origin, and so on are stored in the PAs.

Every path’s attributes impact the desirability of the route when a router selects the best path. A BGP router advertises only the best path to the neighboring routers.

69
Q

T/F: Inside the BGP Loc-RIB table, all possible routes and their path attributes are maintained with the best path calculated.

A

Inside the BGP Loc-RIB table, all the routes and their path attributes are maintained with the best path calculated. The best path is then installed in the RIB of the router.

If the best path is no longer available, the router can use the existing paths to quickly identify a new best path. BGP recalculates the best path for a prefix upon four possible events:

  1. BGP next-hop reachability change
  2. Failure of an interface connected to an eBGP peer
  3. Redistribution change
  4. Reception of new or removed paths for a route
70
Q

T/F: BGP automatically installs the first received path as the best path.

A

True.

When additional paths are received for the same network prefix, the newer paths are compared against the current best path. If there is a tie, processing continues until a best-path winner is identified.

71
Q

What are the top 3 attributes that the BGP best-path algorithm uses for the best-path selection?

A
  1. Weight
  2. Local preference
  3. Local originated (network statement, redistribution, or aggregation)
72
Q

What is the BGP path attribute ‘weight’?

A
  • BGP weight is a Cisco-defined attribute and the first step for selecting the BGP best path.
  • Weight is a 16-bit value (0 to 65,535) assigned locally on the router; it is not advertised to other routers.
  • The path with the higher weight is preferred.
  • Weight can be set for specific routes with an inbound route map or for all routes learned from a specific neighbor.
  • Weight is not advertised to peers and only influences outbound traffic from a router or an AS.
  • Because it is the first step in the best-path algorithm, it should be used when other attributes should not influence the best path for a specific network.
73
Q

What is the BGP path attribute ‘Local-Preference’?

A

Local preference (LOCAL_PREF) is a well-known discretionary path attribute and is included with path advertisements throughout an AS. The local preference attribute is a 32-bit value (0 to 4,294,967,295) that indicates the preference for exiting the AS to the destination network.

The local preference is not advertised between eBGP peers and is typically used to influence the next-hop address for outbound traffic (that is, leaving an autonomous system). Local preference can be set for specific routes by using a route map or for all routes received from a specific neighbor.

A higher value is preferred over a lower value. If an edge BGP router does not define the local preference upon receipt of a prefix, the default local preference value of 100 is used during best-path calculation, and it is included in advertisements to other iBGP peers. Modifying the local preference can influence the path selection on other iBGP peers without impacting eBGP peers because local preference is not advertised outside the autonomous system.

74
Q

What is the BGP path attribute ‘Locally Originated’?

A

The third decision point in the best-path algorithm is to determine whether the route originated locally. Preference is given in the following order:

  • Routes that were advertised locally
  • Networks that have been aggregated locally
  • Routes received by BGP peers
75
Q

What is the BGP path attribute ‘Accumulated Interior Gateway Protocol (AIGP)’?

A

Accumulated Interior Gateway Protocol (AIGP) is an optional nontransitive path attribute that is included with advertisements throughout an AS.

IGPs typically use the lowest-path metric to identify the shortest path to a destination but cannot provide the scalability of BGP. BGP uses an AS to identify a single domain of control for a routing policy. BGP does not use path metric due to scalability issues combined with the notion that each AS may use a different routing policy to calculate metrics.

AIGP provides the ability for BGP to maintain and calculate a conceptual path metric in environments that use multiple ASs with unique IGP routing domains in each AS. The ability for BGP to make routing decisions based on a path metric is a viable option because all the ASs are under the control of a single domain, with consistent routing policies for BGP and IGPs.

The following guidelines apply to AIGP metrics:

  • A path with an AIGP metric is preferred to a path without an AIGP metric.
  • If the next-hop address requires a recursive lookup, the AIGP path needs to calculate a derived metric to include the distance to the next-hop address. This ensures that the cost to the BGP edge router is included. The formula is
    • Derived AIGP metric = (Original AIGP metric + Next-hop AIGP metric)
    • If multiple AIGP paths exist and one next-hop address contains an AIGP metric and the other does not, the non-AIGP path is not used.
    • The next-hop AIGP metric is recursively added if multiple lookups are performed.
  • AIGP paths are compared based on the derived AIGP metric (with recursive next hops) or the actual AIGP metric (non-recursive next hop). The path with the lower AIGP metric is preferred.
  • When a router R2 advertises an AIGP-enabled path that was learned from R1, if the next-hop address changes to an R2 address, R2 increments the AIGP metric to reflect the distance (the IGP path metric) between R1 and R2.
76
Q

What is the BGP path attribute ‘AS path length’?

A

After AIGP, the next decision factor for the BGP best-path algorithm is the AS path length. The path length typically correlates to the AS hop count. A shorter AS path is preferred over a longer AS path.

Prepending ASNs to the AS path makes it longer, thereby making that path less desirable compared to other paths. Typically, the AS path is prepended with the network owner’s ASN.

In general, a path that has had the AS path prepended is not selected as the BGP best path because the AS path is longer than the non-prepended path advertisement. Inbound traffic is influenced by prepending AS path length in advertisements to other ASs, and outbound traffic is influenced by prepending advertisements received from other ASs.

77
Q

What is the BGP path attribute ‘Origin Type’?

A

After AS path length, the next BGP best-path decision factor is the well-known mandatory BGP attribute named origin.

By default, networks that are advertised through the network statement are set with the IGP or i origin, and redistributed networks are assigned the Incomplete or ? origin attribute. The origin preference order is:

  1. IGP origin (i) (most preferred)
  2. EGP origin
  3. Incomplete origin (?) (least preferred)
78
Q

What is the BGP path attribute multiple-exit discriminator (MED)?

A

The next BGP best-path decision factor is the non-transitive BGP attribute named multiple-exit discriminator (MED). MED uses a 32-bit value (0 to 4,294,967,295) called a metric.

BGP sets the MED automatically to the IGP path metric during network advertisement or redistribution. If the MED is received from an eBGP session, it can be advertised to other iBGP peers, but it should not be sent outside the AS that received it. MED’s purpose is to influence traffic flows inbound from a different AS. A lower MED is preferred over a higher MED.

NOTE: For MED to be an effective decision factor, the paths being decided upon must come from the same ASN.

79
Q

What is the BGP path attribute ‘eBGP over iBGP’?

A

The next BGP best-path decision factor is whether the route comes from an iBGP, eBGP, or confederation member AS (sub-AS) peering. The best-path selection order is

  1. eBGP peers (most desirable)
  2. Confederation member AS peers
  3. iBGP peers (least desirable)
80
Q

What is the BGP path attribute ‘lowest IGP metric’?

A

The next decision step is to use the lowest IGP cost to the BGP next-hop address. The path whose next-hop address has the lower IGP metric is preferred.

81
Q

What is the BGP path attribute ‘Prefer the Oldest eBGP Path’?

A

BGP can maintain large routing tables, and unstable sessions result in the BGP best-path calculation executing frequently. BGP maintains stability in a network by preferring the path from the oldest (established) BGP session.

The downfall of this technique is that it does not lead to a deterministic method of identifying the BGP best path from a design perspective.

82
Q

What is the BGP path attribute ‘Router ID’?

A

The next step for the BGP best-path algorithm is to select the best path using the lowest router ID of the advertising eBGP router. If the route was received by a route reflector, then the originator ID is substituted for the router ID.

83
Q

What is the BGP path attribute ‘Minimum Cluster List Length’?

A

The next step in the BGP best-path algorithm is to select the best path using the lowest cluster list length.

The cluster list is a non-transitive BGP attribute that is appended (not overwritten) by a route reflector with its cluster ID. Route reflectors use the cluster ID attribute as a loop-prevention mechanism. The cluster ID is not advertised between ASs and is locally significant. In simplest terms, this step locates the path that has traveled the lowest number of iBGP advertisement hops.

84
Q

What is the BGP path attribute ‘Lowest Neighbor Address’?

A

The last step of the BGP best-path algorithm is to select the path that comes from the lowest BGP neighbor address. This step is limited to iBGP peerings because eBGP peerings use the oldest received path as the tie breaker.