BGP Confederations (GNS3 Lab)

Like route reflectors, confederations are usually used to reduce the number of IBGP connections needed for a full mesh. They do this by splitting an AS into multiple sub ASs. Inside each sub AS created by the confederation all the normal rules of IBGP apply, e.g. the routers must be fully meshed. EBGP must run between the sub ASs. To the outside world a confederation still looks like a single full AS. The AS numbers for the sub ASs can be assigned from the private AS range between 64512 and 65535. Another benefit/feature of a confederation is that IGPs that run within a sub AS are completely autonomous from IGPs in other sub ASs.

Below we will configure two confederation sub ASs (65001 and 65002) inside AS200. The GNS3 net file and the initial configs with addressing and EIGRP/OSPF configured can be found [HERE].

Each of the sub ASs has full connectivity within itself at the moment, so to build on this we configure each of the routers in turn, starting with Conf1A.

Conf1A#conf t
Conf1A(config)#router bgp 65001
Conf1A(config-router)#bgp confederation identifier 200
Conf1A(config-router)#network 10.1.12.0 mask 255.255.255.0
Conf1A(config-router)#network 10.1.23.0 mask 255.255.255.0
Conf1A(config-router)#neighbor 10.1.12.1 remote-as 100
Conf1A(config-router)#neighbor 10.1.23.3 remote-as 65001
Conf1A(config-router)#neighbor 10.1.34.4 remote-as 65001

First we enter BGP config mode under the sub AS number. We then configure the router to tell EBGP neighbours it's part of AS200 using the confederation identifier command. After that it's IBGP with the other routers in the sub AS (using the sub AS number) and EBGP as normal to SmileyISP. Now Conf1B.

Conf1B(config-router)#router bgp 65001
Conf1B(config-router)#no synchronization
Conf1B(config-router)#bgp log-neighbor-changes
Conf1B(config-router)#bgp confederation identifier 200
Conf1B(config-router)#bgp confederation peers 65002
Conf1B(config-router)#network 10.1.23.0 mask 255.255.255.0
Conf1B(config-router)#network 10.1.34.0 mask 255.255.255.0
Conf1B(config-router)#network 10.1.36.0 mask 255.255.255.0
Conf1B(config-router)#neighbor 10.1.23.2 remote-as 65001
Conf1B(config-router)#neighbor 10.1.34.4 remote-as 65001
Conf1B(config-router)#neighbor 10.1.36.6 remote-as 65002
Conf1B(config-router)#neighbor 10.1.36.6 next-hop-self

Similar to Conf1A, but this time, since interface fa 1/0 connects to the other sub AS, we need the "bgp confederation peers" command. This command ensures that attributes such as local pref and next hop are preserved when they traverse this EBGP session to sub AS 65002. Since the next hop attribute is preserved between the sub ASs, and there might not be routes in the routing table to reach it, we use the "next-hop-self" command.
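
A quick consistency check for the point above, as an added example that is not part of the original lab: it scans one router's BGP stanza and flags any neighbor in a different private sub AS that is missing from "bgp confederation peers", in which case the session is treated as ordinary EBGP. The function name is hypothetical, the sample config is retyped from the Conf1B commands above, and treating every private-range neighbor AS as a sub AS is an assumption.

```python
import re

PRIVATE_AS = range(64512, 65536)   # private AS range quoted in the article

# Constructed sample: the Conf1B BGP commands from above, without prompts.
CONF1B = """\
router bgp 65001
 bgp confederation identifier 200
 bgp confederation peers 65002
 neighbor 10.1.23.2 remote-as 65001
 neighbor 10.1.34.4 remote-as 65001
 neighbor 10.1.36.6 remote-as 65002
 neighbor 10.1.36.6 next-hop-self
"""
# Constructed broken variant: same router with the peers line left out.
BROKEN = CONF1B.replace(" bgp confederation peers 65002\n", "")


def lint_confed(config):
    """Return a list of findings for one IOS 'router bgp' stanza."""
    local = re.search(r"^\s*router bgp (\d+)", config, re.M)
    if local is None:
        return ["no 'router bgp' stanza found"]
    local_as = int(local.group(1))
    ident = re.search(r"^\s*bgp confederation identifier (\d+)", config, re.M)
    peers = set()
    for line in re.findall(r"^\s*bgp confederation peers (.+)$", config, re.M):
        peers.update(int(n) for n in line.split())

    findings = []
    if ident is None and (peers or local_as in PRIVATE_AS):
        findings.append("no 'bgp confederation identifier' configured")
    neighbors = re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", config, re.M)
    for addr, asn in neighbors:
        asn = int(asn)
        # Assumption: a private neighbor AS other than ours is a sub AS.
        if asn != local_as and asn in PRIVATE_AS and asn not in peers:
            findings.append(
                f"neighbor {addr}: sub AS {asn} not in confederation peers")
    return findings


if __name__ == "__main__":
    print(lint_confed(CONF1B))
    print(lint_confed(BROKEN))
```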

Conf1C

router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 200
 network 1.2.3.0 mask 255.255.255.0
 network 10.1.34.0 mask 255.255.255.0
 neighbor 10.1.23.2 remote-as 65001
 neighbor 10.1.34.3 remote-as 65001

At this point we have full connectivity from the loopback on Conf1C to the loopback on SmileyISP :) Now to configure the routers in sub AS 65002. Similar configs only replacing a few addresses in places.

Conf2A

router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 200
 bgp confederation peers 65001
 network 10.1.36.0 mask 255.255.255.0
 network 10.1.56.0 mask 255.255.255.0
 network 192.168.1.0
 neighbor 10.1.36.3 remote-as 65001
 neighbor 10.1.36.3 next-hop-self
 neighbor 10.1.56.5 remote-as 65002

Conf2B

router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 200
 network 10.1.15.0 mask 255.255.255.0
 network 10.1.56.0 mask 255.255.255.0
 neighbor 10.1.15.1 remote-as 100
 neighbor 10.1.56.6 remote-as 65002

Now there's full connectivity to all networks from all routers. The output on SmileyISP confirms that it only sees AS200 and not the sub ASs.

SmileyISP#show ip bgp
BGP table version is 13, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.2.3.0/24       10.1.15.5                              0 200 i
*>                  10.1.12.2                              0 200 i
*  10.1.12.0/24     10.1.15.5                              0 200 i
*                   10.1.12.2                0             0 200 i
*>                  0.0.0.0                  0         32768 i

If we check Conf1B:

Conf1B#show ip bgp 192.168.1.0
BGP routing table entry for 192.168.1.0/24, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
(65002)
10.1.36.6 from 10.1.36.6 (192.168.1.1)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
Conf1B#

We see that routes learned from sub AS 65002 are classified as confederation external (confed-external) routes. This classification is used in route selection, with EBGP routes preferred over confed-external routes, which are in turn preferred over internal routes.
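
Why Conf1B shows "(65002)" while SmileyISP only ever sees "200", as an added example that is not part of the original lab: a simplified model of the AS_PATH handling that RFC 5065 describes for confederation members, walked through with this lab's AS numbers. The function names and the list-of-segments representation are assumptions made for the illustration.

```python
CONFED_ID = 200                     # bgp confederation identifier 200


def advertise(path, local_sub_as, peer_as, confed_peers=()):
    """Return the AS_PATH a confederation member sends to one neighbor.

    path is a list of (segment_type, [asns]) where segment_type is "seq"
    or "confed_seq". The input list is not modified.
    """
    if peer_as == local_sub_as:                 # IBGP inside the sub AS
        return [(t, list(a)) for t, a in path]  # path is sent unchanged
    if peer_as in confed_peers:                 # EBGP between sub ASs
        if path and path[0][0] == "confed_seq":
            return [("confed_seq", [local_sub_as] + path[0][1])] + path[1:]
        return [("confed_seq", [local_sub_as])] + list(path)
    # True EBGP: drop leading confed segments, then prepend the identifier.
    rest = list(path)
    while rest and rest[0][0] == "confed_seq":
        rest.pop(0)
    if rest and rest[0][0] == "seq":
        return [("seq", [CONFED_ID] + rest[0][1])] + rest[1:]
    return [("seq", [CONFED_ID])] + rest


def show(path):
    """Render a path as 'show ip bgp' does: confed segments in parentheses."""
    parts = []
    for seg_type, asns in path:
        text = " ".join(str(a) for a in asns)
        parts.append(f"({text})" if seg_type == "confed_seq" else text)
    return " ".join(parts)


def walk_192_168_1_0():
    """Follow 192.168.1.0 from Conf2A to Conf1B, Conf1A and SmileyISP."""
    at_conf1b = advertise([], 65002, 65001, confed_peers=(65001,))
    at_conf1a = advertise(at_conf1b, 65001, 65001, confed_peers=(65002,))
    at_isp = advertise(at_conf1a, 65001, 100)   # Conf1A has no confed peers
    return show(at_conf1b), show(at_conf1a), show(at_isp)


if __name__ == "__main__":
    print(walk_192_168_1_0())
```
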
The formula to calculate the number of IBGP connections needed for a full mesh of N routers is N(N-1)/2, so here without using a confederation we would have used (5*4)/2=10, but we used 5. Not too much, but considering the saving grows exponentially with every router running IBGP it can ease config/administration a lot.

m00nie :)