So for service identification, we've said AS100 has four classes of BGP customers. It has full transit, which is everything, that is, the next three that we're going to look at: upstream, IXP and BGP customers. Then upstream only: these are customers who just want Internet access, they just want transit. For IXP only, this is the class of BGP customers that only get access to the IXP peers. Then people who want only the routes from BGP customers go in the fourth class.

Now for BGP support, the easiest Cisco IOS configuration is to create a peer group for each class. Cisco has allegedly deprecated this feature in their documentation (they say it's an old feature, you shouldn't use it), but for ease of configuration for IOS we recommend using a peer group. You can also use peer templates, which is the new thing, to simplify a bit further. So the customer in this case is assigned the peer group of the service that they have purchased, and this is simple for the AS100 customer installation engineer to provision: for each new customer that comes on board, they just assign them to a particular peer group, which we're going to see in the next slide.

So this slide shows how we would create the peer groups that we've mentioned earlier. We have a BGP router in AS100, so you have router bgp 100, and you have a neighbor full-transit, which is defined as a peer group. You have a route map, customers-out, for what we advertise to this peer group, and then full-transit-in is a route map that defines what we're going to do on the inbound. For full transit customers we originate a default route as well. Then for people who are only interested in upstream, we create a new peer group, which is upstream-only. The route map for outbound is the same, so it's still customers-out, but the route map for the inbound is upstream-only-in. We also originate a default route for people who are inside this upstream-only
peer group. For the IXP-only peer group, we have to change both route maps, on the inbound and outbound. You only want to announce the IXP routes on the outbound and you only want to accept certain things on the inbound, so you have a special IXP route map for out and an IXP route map for in. Then for the BGP customers only, you have a peer group which for the outbound has only the BGP customers, and for inbound you also have a separate route map that we shall look at in the next slide.

So for customers-out, we match the community 10. Customers get only our aggregate route and a default route, because we've set a default originate and we're only matching anything that is in community 10. There is no other statement inside this route map, which means everything that does not match the community 10 is going to be dropped.

The next route map is full-transit-in. As you can see, under permit 10 we are going to set the community 100:2000, 100:2100 and 100:2200, and this is going to be set on everything that comes in, so full transit is going to go everywhere. And you can see that for upstream-only on the inbound we set the community 100:2000. For the IXP routes we are not setting anything, but we are making sure that we match the community lists 10, 12, 13, 14 and 16, which is for the customers who are buying IXP access only: they only get our aggregates, they get the statics which are out of the aggregates, and they get full transit customers and IXP peers. So for the IXP-only permit 10, remember, for the inbound we want to set a community 2100.

For the BGP customers, in the outbound direction we want to match particular communities 10, 12, 13 and 15, so what you get are the aggregates, the statics which are part of the aggregate, and the full transit customers, whatever they announce to us, the PI address space, as well as
what we get from other BGP customers, and in the inbound direction we set the relevant community.

So when you're configuring the customers, you have this sample configuration that you have on the screen. You have remote AS200, for customer 167 3.2; you have the peer group set as full-transit, and you have a prefix list for the AS200 customer inbound, and then you activate it. The next customer, who is in remote AS300, is only interested in upstream, so they're inside the upstream-only peer group and they have a separate prefix list, AS300 customer-in. AS400 are only interested in IXP peers, and they have their own prefix list for the inbound. Note that the specific customers each have a specific prefix list to properly filter what they're advertising to us. You should always make sure you know what your BGP speakers are advertising to you and filter accordingly.

Lastly, you can look at the route map, which is upstream-out permit 10. This is how we look at configuring an upstream. Our upstream is in AS130, and we accept everything inbound: we have the full-routes prefix list on the inbound, and for outbound we just have a route map that matches particular communities, so only the communities that match people who are buying transit from us are advertised to the upstream. So we match the community lists 10, 12 and 13. For reference, this is a slide that shows you what we set as 10, 12 and 13.

Going back to the configuration, the prefix list full-routes is just a standard bogon prefix filter that you can get from the Internet, or you can have a reputable bogon route server, and this is to protect you from prefixes that should not be announced on the Internet. If you're not bothered about that, then you would just do it without the prefix list full-routes on the inbound, but we strongly recommend that you use some sort of bogon filter.

Now for the IXP peers, this is the router session with a sample IXP peer. So the IXP network is
170.000 is dot one, whose remote AS is 901. You can see that we have the route map ixp-peers-in for the inbound and ixp-peers-out for the outbound, but we also have a prefix list for that particular peer based on what we expect them to be advertising to us, and so on for the different peers.

Now if you look at the ixp-peers-out route map, we are matching things in our community lists 10, 12, 13 and 14, which are our aggregates, what our provider-independent customer address space sends to us, what our full transit customers send to us, and what customers who want only IXP peers are sending to us, and that's what we send to the IXP. For the inbound, remember we said we wanted to set a specific community 3000, so that's what we do here: we match anything that any of the IXP peers send to us that is permitted by the prefix list, and we set the relevant community. Again, note that we have a prefix list for each peer, otherwise you can have a huge, huge problem sorting out wrong advertisements.

For service identification, you have to take a little bit of thought and planning to get everything right, because you have a big list of communities and what they mean, and they have to be applied consistently across different routers. For reference again, here is the slide of what we chose as our sample communities, and this is a typical one.

So the eBGP configuration with customers is very simple: it's just a case of applying the appropriate peer group, and of course we filter based on what they are announcing to us. For the eBGP configuration of the IXP peers, you just announce appropriate community members based on what should be sent to the peers. For the eBGP configuration with the upstreams, you simply announce the appropriate community members to all upstreams, which must exclude, for example, what you're hearing from your IXP peers, and be just what you're getting from your customers.

Once you've set it up this way, all your internal BGP policy is now controlled by
communities. You don't have a huge number of prefix lists, AS-path filters, route maps and other BGP gymnastics for each outgoing advertisement. You only have prefix lists for the incoming advertisements, because you really have to filter what people are sending to you. However, for the outbound, each time you add a new customer you do not have to go to each different router and change your outbound prefix list.
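
A small model of the policy described in the talk, added here as an example (not part of the original talk or slides): it checks that nothing learned from an upstream or an IXP peer is re-advertised to an upstream or IXP peer. The session-class labels, the mapping of community-list numbers to community values, and the placeholders `AGG` and `PI` are assumptions of this example.

```python
# Added example: model of the community-based policy described in the talk.
# The list-number-to-community mapping is this example's reading of the talk;
# "AGG" and "PI" are placeholders for values the talk does not state.
COMMUNITY_LIST = {10: "AGG", 12: "PI", 13: "100:2000",
                  14: "100:2100", 15: "100:2200", 16: "100:3000"}

# Communities set by each class's inbound route map (empty = nothing set).
INBOUND_SET = {
    "full-transit":  {"100:2000", "100:2100", "100:2200"},
    "upstream-only": {"100:2000"},
    "ixp-only":      {"100:2100"},
    "bgp-cust-only": {"100:2200"},  # assumed: "the relevant community"
    "ixp-peer":      {"100:3000"},
    "upstream":      set(),
}

# Community lists matched by each class's outbound route map.
# A route that matches none of them is dropped (no other permit clause).
OUTBOUND_MATCH = {
    "full-transit":  [10],
    "upstream-only": [10],
    "ixp-only":      [10, 12, 13, 14, 16],
    "bgp-cust-only": [10, 12, 13, 15],
    "ixp-peer":      [10, 12, 13, 14],
    "upstream":      [10, 12, 13],
}

NON_CUSTOMER = {"ixp-peer", "upstream"}

def permitted(communities, lists, community_list=COMMUNITY_LIST):
    """Single permit clause: the route passes if it carries any listed community."""
    return any(community_list[n] in communities for n in lists)

def route_leaks(outbound=OUTBOUND_MATCH, inbound=INBOUND_SET):
    """Return (learned_from, sent_to) pairs where a route learned on a
    non-customer session would be re-advertised on a non-customer session."""
    return sorted((src, dst)
                  for src in NON_CUSTOMER for dst in NON_CUSTOMER
                  if permitted(inbound[src], outbound[dst]))

if __name__ == "__main__":
    print("leaks with the talk's policy:", route_leaks())
    # Constructed mistake: community list 16 added to the upstream route map.
    broken = dict(OUTBOUND_MATCH, upstream=[10, 12, 13, 16])
    print("leaks after the mistake:", route_leaks(broken))
```

Running the same check against the match lists pulled from each router's configuration is one way to confirm the communities are applied consistently before a change goes live.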
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)