1. Configure BGP on both routers
2. BGP Summary/Status
Please pay attention to the “State/PfxRcd” column of the output. It indicates the number of prefixes that
have been received from a neighbor. If this value is a number (including “0”, which means the BGP
neighbor does not advertise any route), then the BGP neighbor relationship is good. If this value is a
word (including “Idle”, “Connect”, “Active”, “OpenSent”, “OpenConfirm”), then the BGP neighbor
relationship is not good.
• Idle—The initial state that the BGP routing process enters when the routing process is
enabled or when the device is reset. In this state, the device waits for a start event,
such as a peering configuration with a remote peer. After the device receives a TCP
connection request from a remote peer, the device initiates another start event to wait
for a timer before starting a TCP connection to a remote peer. If the device is reset,
the peer is reset and the BGP routing process returns to the Idle state.
• Connect—The BGP routing process detects that a peer is trying to establish a TCP
session with the local BGP speaker.
• Active—In this state, the BGP routing process tries to establish a TCP session with a
peer device using the ConnectRetry timer. Start events are ignored while the BGP
routing process is in the Active state. If the BGP routing process is reconfigured or if
an error occurs, the BGP routing process will release system resources and return to
an Idle state.
• OpenSent—The TCP connection is established, and the BGP routing process sends an
OPEN message to the remote peer, and transitions to the OpenSent state. The BGP
routing process can receive other OPEN messages in this state. If the connection fails,
the BGP routing process transitions to the Active state.
• OpenReceive—The BGP routing process receives the OPEN message from the
remote peer and waits for an initial keepalive message from the remote peer. When a
keepalive message is received, the BGP routing process transitions to the Established
state. If a notification message is received, the BGP routing process transitions to the
Idle state. If an error or configuration change occurs that affects the peering session,
the BGP routing process sends a notification message with the Finite State Machine
(FSM) error code and then transitions to the Idle state.
• Established—The initial keepalive is received from the remote peer. Peering is now
established with the remote neighbor and the BGP routing process starts exchanging
update messages with the remote peer. The hold timer restarts when an update or
keepalive message is received. If the BGP process receives an error notification, it
will transition to the Idle state.
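The State/PfxRcd rule above can be turned into a monitoring check. The following is an added example, not part of the original notes: the sample output is constructed (neighbor addresses and AS numbers are made up), and it assumes IPv4 neighbors printed on one line each.

```python
import ipaddress

# Constructed sample of "show ip bgp summary" output; all values are made up.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.2        4     2      25      24        3    0    0 00:20:11        1
11.0.0.6        4     3      12      12        3    0    0 00:09:40        0
11.0.0.10       4     4       0       0        0    0    0 never    Active
11.0.0.14       4     5       0       0        0    0    0 never    Idle (Admin)
"""

def parse_summary(text):
    """Return one dict per neighbor row: address, remote AS, state, prefixes received."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 9)  # the 10th field may contain spaces, e.g. "Idle (Admin)"
        if len(fields) != 10:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # header or any other non-neighbor line
        last = fields[9].strip()
        if last.isdigit():
            # A number means the session is Established; the number is the prefix count.
            state, prefixes = "Established", int(last)
        else:
            # A word means the session is stuck in that FSM state.
            state, prefixes = last, None
        rows.append({"neighbor": fields[0], "remote_as": int(fields[2]),
                     "state": state, "prefixes": prefixes})
    return rows

def down_neighbors(rows):
    """Neighbors whose State/PfxRcd column holds a word instead of a number."""
    return [(r["neighbor"], r["state"]) for r in rows if r["state"] != "Established"]

def silent_neighbors(rows):
    """Established neighbors that advertise no routes (State/PfxRcd is 0)."""
    return [r["neighbor"] for r in rows if r["prefixes"] == 0]

if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    print("down:", down_neighbors(parsed))
    print("up but silent:", silent_neighbors(parsed))
```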
3. Advertise Prefixes to BGP
Note: With BGP, you must advertise the correct network and subnet mask in the “network” command
(in this case network 1.1.1.0/24). BGP is very strict about routing advertisements. In other words, BGP
only advertises a network that exists exactly in the routing table (in this case network 1.1.1.0/24
exists in the routing table as the loopback 0 interface). If you enter the command “network 1.1.0.0 mask
255.255.0.0”, “network 1.0.0.0 mask 255.0.0.0” or “network 1.1.1.1 mask 255.255.255.255”, then BGP
will not advertise anything.
4. Check BGP Routing
An asterisk (*) in the first column means that the route has a valid next hop. A greater-than sign (>)
indicates the route has been selected as the best path to that network.
The “Metric” column here is not the usual metric like in OSPF or EIGRP. It is the Multi Exit Discriminator
(MED) attribute of BGP. “Weight” is another BGP attribute. The default values of both MED and Weight
are 0 (as you see in the outputs above).
The “Path” column shows the AS path that the prefix traveled to reach us. It is better to read the
“Path” from right to left to understand which path the prefix took to reach our router. The letter “i” is
considered the starting point of the prefix, and the next number is the AS where this prefix
originated. The following numbers are the recorded ASes it traveled through. For example, if a prefix had
to travel from AS 1 -> 2 -> 3 -> 4 -> 5 (our AS), then we will see the path “4 3 2 1 i” on our router.
Note: A blank AS path (only letter “i” is shown) means that the route was originated in the local AS. In
the R1 output above, network 1.1.1.0/24 is originated from R1 so we see the path only has one letter
“i”.
Note that on R1 the “Next Hop” is 0.0.0.0, which means this prefix originated from the local router.
On R2 the Next Hop points toward the interface Fa0/0 of R1 (11.0.0.1), to which R2 will send traffic
for the destination 1.1.1.0/24.
5. Use of “ip route x.x.x.x x.x.x.x Null 0”
- If we want to advertise a network that we don’t have.
- Example: We want to advertise 1.0.0.0/8 in BGP. We won’t be able to advertise this
network in BGP if it’s not in the routing table. To achieve this, we’ll put this network in our
routing table.
This can be done with a static route that points to the null interface; everything you send to
the null interface is discarded. A static route like this is also called a discard route.
Network 1.0.0.0/8 is now in the routing table:
- Also, to avoid loops in the network, as in the example below:
Router1 learns routes to 192.168.0.0/24 and 192.168.1.0/24 via OSPF.
It also learns routes to 192.168.2.0/24 and 192.168.3.0/24 via EIGRP.
These prefixes fall nicely into a summary of 192.168.0.0/22.
You advertise that via BGP and a NULL0 route is automatically created for this summary route.
Now when a packet comes in for, let's say, 192.168.3.33, the router does a longest-match lookup and finds
the route to 192.168.3.0/24 learned via EIGRP.
So the packet gets routed using this particular route. So far so good.
But what if you lose one of these routes? Let's say that later on network 192.168.3.0/24 becomes
unreachable.
A packet comes in again for 192.168.3.33. If the router didn't have a NULL0 route for the summary, it
would match this packet to a default route and send it towards the default gateway.
This could easily create a loop, because the default gateway router would have a summary route from
Router1 for 192.168.0.0/22, and from its perspective that would be a better match for a packet destined
to 192.168.3.33.
So the default gateway router would send it back to Router1.
A loop has formed. But because Router1 has a route to NULL0, a packet to 192.168.3.33 would
not be sent to the default gateway.
Instead it would be blackholed and the loop would be avoided.
This is the use of NULL0 routes for the purpose of summarization.
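The scenario above, traced hop by hop with a longest-prefix-match lookup. This is an added example, not part of the original notes: the router names "Router1" and "GW" and the next-hop labels "internal" and "upstream" are assumptions standing in for the OSPF/EIGRP neighbors and the gateway's own default route.

```python
import ipaddress

# Next hops that end the trace instead of naming another router (labels are assumptions).
TERMINAL = {"Null0": "discarded", "internal": "delivered", "upstream": "left the network"}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Forward dst hop by hop from start; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop in TERMINAL:
            return path, TERMINAL[next_hop]
        path.append(next_hop)
        if path.count(next_hop) > 1:
            return path, "loop"  # the packet came back to a router it already visited
        node = next_hop
    return path, "hop limit reached"

def router1_table(discard_route, has_3_0=False):
    """Router1 as described above; 192.168.3.0/24 is absent unless has_3_0 is True."""
    table = {"192.168.0.0/24": "internal", "192.168.1.0/24": "internal",
             "192.168.2.0/24": "internal", "0.0.0.0/0": "GW"}
    if has_3_0:
        table["192.168.3.0/24"] = "internal"
    if discard_route:
        table["192.168.0.0/22"] = "Null0"  # discard route for the advertised summary
    return table

# The default gateway holds Router1's summary plus its own default route.
GW_TABLE = {"192.168.0.0/22": "Router1", "0.0.0.0/0": "upstream"}

def run(discard_route, has_3_0=False, dst="192.168.3.33"):
    tables = {"Router1": router1_table(discard_route, has_3_0), "GW": GW_TABLE}
    return trace(tables, "Router1", dst)

if __name__ == "__main__":
    print("without Null0:", run(discard_route=False))
    print("with Null0:   ", run(discard_route=True))
```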
Example of MyKRIS BGP Config on TM ASR Router:
! MYKRIS ASN
router bgp 23678
 ! TM peering IPv4 address and ASN
 neighbor 1.9.229.73 remote-as 4788
 neighbor 1.9.229.73 description ### TM TM-1.5G-CSF2 ###
 ! TM peering IPv6 address and ASN
 neighbor 2001:E68::A:B5 remote-as 4788
 neighbor 2001:E68::A:B5 description ### TM-CSF-IPv6 ###
 address-family ipv4
  ! advertise prefixes to BGP
  network 27.131.34.0 mask 255.255.255.0
  network 27.131.35.0 mask 255.255.255.0
  network 27.131.37.0 mask 255.255.255.0
  network 27.131.38.0 mask 255.255.255.0
  network 27.131.40.0 mask 255.255.254.0
  ! activate neighbor for IPv4 unicast
  neighbor 1.9.229.73 activate
  ! for BGP received routes
  neighbor 1.9.229.73 soft-reconfiguration inbound
  ! filter private IP/own IP/LO from coming IN
  neighbor 1.9.229.73 prefix-list InFilter in
  ! which prefixes to advertise to TM
  neighbor 1.9.229.73 prefix-list TM-CSF out
  neighbor 1.9.229.73 route-map TM-IN in
  neighbor 1.9.229.73 route-map TM-RouteMapOUT out
 address-family ipv6
  network 2405:6400::/32
  network 2405:6400::/36
  network 2405:6400:1000::/36
  network 2405:6400:2000::/36
  neighbor 2001:E68::A:B5 activate
  neighbor 2001:E68::A:B5 prefix-list V6MyKris-TMCSF out
ip prefix-list TM-CSF seq 33 permit 27.131.35.0/24
ip prefix-list TM-CSF seq 34 permit 27.131.36.0/24
ip prefix-list TM-CSF seq 35 permit 27.131.45.0/24
ip route 27.131.35.0 255.255.255.0 Null0
ip route 27.131.36.0 255.255.255.0 Null0
ip route 27.131.45.0 255.255.255.0 Null0
ip prefix-list InFilter description Not Accepted Networks
ip prefix-list InFilter seq 5 deny 10.0.0.0/8 le 32
ip prefix-list InFilter seq 10 deny 127.0.0.0/8 le 32
ip prefix-list InFilter seq 15 deny 169.254.0.0/16 le 32
ip prefix-list InFilter seq 20 deny 172.16.0.0/12 le 32
ip prefix-list InFilter seq 25 deny 192.0.2.0/24 le 32
ip prefix-list InFilter seq 30 deny 192.168.0.0/16 le 32
ip prefix-list InFilter seq 61 deny 27.131.35.0/24
ip prefix-list InFilter seq 62 deny 27.131.36.0/24
ip prefix-list InFilter seq 71 deny 27.131.45.0/24
ipv6 prefix-list V6MyKris-TMCSF seq 10 permit 2405:6400::/36
ipv6 prefix-list V6MyKris-TMCSF seq 20 permit 2405:6400:1000::/36
ipv6 prefix-list V6MyKris-TMCSF seq 30 permit 2405:6400:2000::/36
ipv6 prefix-list V6MyKris-TMCSF seq 40 permit 2405:6400::/32
ipv6 prefix-list V6MyKris-TMCSF seq 50 deny ::/0
route-map TM-IN permit 1
 ! set higher local preference 700 for the specific destinations, to push those
 ! destinations via this upstream
 match ip address 81
 set local-preference 700
route-map TM-IN permit 3
 ! add additional AS path to the destination
 match as-path 82
 set as-path prepend 23678 23678
route-map TM-IN permit 4
 match ip address 88
 set local-preference 100
route-map TM-IN permit 5
 set local-preference 600
route-map TM-RouteMapOUT deny 8
 match community 499
route-map TM-RouteMapOUT permit 10
 match ip address prefix-list TM-CSF
 set local-preference 600
ACCESS-LIST
access-list 81 permit 27.100.43.0 0.0.0.255
access-list 81 permit 203.127.0.0 0.0.255.255
access-list 81 permit 198.11.132.0 0.0.0.255
access-list 81 permit 36.66.0.0 0.0.255.255
access-list 81 permit 69.7.228.0 0.0.0.255
access-list 81 permit 17.248.152.0 0.0.7.255
access-list 81 permit 57.96.16.0 0.0.7.255
access-list 81 permit 203.110.80.0 0.0.0.255
access-list 81 permit 146.228.0.0 0.0.255.255
access-list 81 permit 112.4.96.0 0.0.31.255
access-list 81 permit 202.147.0.0 0.0.63.255
access-list 82 permit 122.152.128.0 0.0.31.255
access-list 82 permit 222.252.0.0 0.0.31.255
access-list 82 permit 17.148.0.0 0.3.255.255
access-list 82 permit 116.0.64.0 0.0.31.255
access-list 82 permit 216.97.231.0 0.0.0.255
access-list 82 permit 59.32.0.0 0.7.255.255
access-list 82 permit 113.96.0.0 0.15.255.255
access-list 82 permit 203.174.128.0 0.0.6.255
access-list 82 permit 12.128.0.0 0.127.255.255