Cisco Router Challenge 81

 

Outline

 

This challenge involves configuring BGP to prevent private AS numbers from leaking into the Internet. The objectives of this challenge are to:

 

 

Commands

 

# config t

(config)# router bgp 172

(config-router)# neighbor 11.11.11.11 remote-as 64512

(config-router)# neighbor 12.12.12.12 remote-as 311

(config-router)# neighbor 12.12.12.12 remove-private-as

 

Example

 

# config t

(config)# router bgp 172

(config-router)# neighbor 11.11.11.11 ?

  activate                Enable the Address Family for this Neighbor

  advertise-map           specify route-map for conditional advertisement

  advertisement-interval  Minimum interval between sending BGP routing updates

  allowas-in              Accept as-path with my AS present in it

  default-originate       Originate default route to this neighbor

  description             Neighbor specific description

  distribute-list         Filter updates to/from this neighbor

  ebgp-multihop           Allow EBGP neighbors not on directly connected

                          networks

  filter-list             Establish BGP filters

  local-as                Specify a local-as number

  maximum-prefix          Maximum number of prefix accept from this peer

  next-hop-self           Disable the next hop calculation for this neighbor

  next-hop-unchanged      Propagate the iBGP paths's next hop unchanged for

                          this neighbor

  password                Set a password

  peer-group              Member of the peer-group

  prefix-list             Filter updates to/from this neighbor

  remote-as               Specify a BGP neighbor

  remove-private-AS       Remove private AS number from outbound updates

  route-map               Apply route map to neighbor

  route-reflector-client  Configure a neighbor as Route Reflector client

  send-community          Send Community attribute to this neighbor

  shutdown                Administratively shut down this neighbor

  soft-reconfiguration    Per neighbor soft reconfiguration

  timers                  BGP per neighbor timers

  translate-update        Translate Update to MBGP format

  unsuppress-map          Route-map to selectively unsuppress suppressed routes

  update-source           Source of routing updates

  version                 Set the BGP version to match a neighbor

  weight                  Set default weight for routes from this neighbor

(config-router)# neighbor 11.11.11.11 remote-as 64512

(config-router)# neighbor 12.12.12.12 remote-as 311

(config-router)# neighbor 12.12.12.12 remove-private-as

 

Explanation

 

There are legal (or public) AS numbers and private ones. A private one can be set up when connecting to a single provider. These are in the range of 64,512 to 65,535. Thus the following defines a neighbor in a private AS:

 

(config-router)# neighbor 11.11.11.11 remote-as 64512

 

When private AS numbers are assigned, they should not be advertised to the Internet, as they are not unique. Thus the command:

 

(config-router)# neighbor 12.12.12.12 remove-private-as

 

removes all private AS numbers in the range from 64,512 to 65,535 from the updates sent to 12.12.12.12.
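
One way to check a configuration for this leak, as an added example that is not part of the original challenge: the Python function below reads IOS neighbor lines and lists public-AS eBGP neighbors that lack remove-private-as while a private-AS neighbor is configured. The function name and the sample strings are assumptions made for this example; the private range is the one stated above.

```python
import re

# Private AS range as stated on this page (64,512 to 65,535).
PRIVATE_AS = range(64512, 65536)

# Optional CLI prompt such as "(config-router)# " before the command.
PROMPT = r"^\s*(?:\S*#\s*)?"
ROUTER_RE = re.compile(PROMPT + r"router bgp (\d+)\s*$", re.I)
REMOTE_RE = re.compile(PROMPT + r"neighbor (\S+) remote-as (\d+)\s*$", re.I)
STRIP_RE = re.compile(PROMPT + r"neighbor (\S+) remove-private-as\b", re.I)


def audit_private_as_leak(config_text):
    """Return public-AS eBGP neighbors that lack remove-private-as
    while at least one private-AS neighbor is configured."""
    local_as = None
    remote_as = {}    # neighbor address -> remote AS number
    stripped = set()  # neighbors with remove-private-as configured
    for line in config_text.splitlines():
        if m := ROUTER_RE.match(line):
            local_as = int(m.group(1))
        elif m := REMOTE_RE.match(line):
            remote_as[m.group(1)] = int(m.group(2))
        elif m := STRIP_RE.match(line):
            stripped.add(m.group(1))
    if not any(asn in PRIVATE_AS for asn in remote_as.values()):
        return []  # no private AS behind this router, nothing to leak
    return sorted(
        peer for peer, asn in remote_as.items()
        if asn not in PRIVATE_AS and asn != local_as and peer not in stripped
    )


# Constructed samples: the page's commands, with and without the last line.
PAGE_CONFIG = """\
(config)# router bgp 172
(config-router)# neighbor 11.11.11.11 remote-as 64512
(config-router)# neighbor 12.12.12.12 remote-as 311
(config-router)# neighbor 12.12.12.12 remove-private-as
"""
LEAKY_CONFIG = "\n".join(PAGE_CONFIG.splitlines()[:-1])

if __name__ == "__main__":
    print("page config:", audit_private_as_leak(PAGE_CONFIG))
    print("without remove-private-as:", audit_private_as_leak(LEAKY_CONFIG))
```
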

 

Topology

 

The basic topology is defined below, where AS1 is connected to E0, AS2 to S0, and AS3 to S1.