Ok, time for some eBGP between Cisco and Juniper
Before we begin this lab, reset all the configs back to the rescue/base before beginning.
Ok, let’s configure our J1-J2-J3 OSPF Configuration.
J1:
jfry@J1> edit
Entering configuration mode
[edit]
jfry@J1# edit protocols ospf area 0
[edit protocols ospf area 0.0.0.0]
jfry@J1# set interface ge-0/0/0
[edit protocols ospf area 0.0.0.0]
jfry@J1# set interface fe-0/0/2
[edit protocols ospf area 0.0.0.0]
jfry@J1# set interface lo0 passive
[edit protocols ospf area 0.0.0.0]
jfry@J1# commit and-quit
Now, J2:
jfry@J2> edit
Entering configuration mode
[edit]
jfry@J2# edit protocols ospf area 0
[edit protocols ospf area 0.0.0.0]
jfry@J2# set interface ge-0/0/0
[edit protocols ospf area 0.0.0.0]
jfry@J2# set interface ge-0/0/1
[edit protocols ospf area 0.0.0.0]
jfry@J2# set interface lo0 passive
[edit protocols ospf area 0.0.0.0]
jfry@J2# commit and-quit
And finally, J3:
jfry@J3> edit
Entering configuration mode
[edit]
jfry@J3# edit protocols ospf area 0
[edit protocols ospf area 0.0.0.0]
jfry@J3# set interface fe-0/0/1
[edit protocols ospf area 0.0.0.0]
jfry@J3# set interface fe-0/0/2
[edit protocols ospf area 0.0.0.0]
jfry@J3# set interface lo0 passive
[edit protocols ospf area 0.0.0.0]
jfry@J3# commit and-quit
Ok, back to J1 to check on the state of our OSPF and routing table
First up, let’s check our neighbors:
jfry@J1> show ospf neighbor
Address Interface State ID Pri Dead
192.168.13.3 fe-0/0/2.0 Full 3.3.3.3 128 38
192.168.12.2 ge-0/0/0.0 Full 2.2.2.2 128 33
Good, and now our ospf routing table:
jfry@J1> show route protocol ospf
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:02:21, metric 1
> to 192.168.12.2 via ge-0/0/0.0
3.3.3.3/32 *[OSPF/10] 00:01:29, metric 1
> to 192.168.13.3 via fe-0/0/2.0
192.168.23.0/24 *[OSPF/10] 00:01:29, metric 2
> to 192.168.12.2 via ge-0/0/0.0
to 192.168.13.3 via fe-0/0/2.0
224.0.0.5/32 *[OSPF/10] 00:03:52, metric 1
MultiRecv
jfry@J1>
Looking good. Now we can configure ebgp between J1 and R4:
R4 up first for BGP.
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router bgp 4
R4(config-router)#no au
R4(config-router)#net 4.4.4.4 mask 255.255.255.0
R4(config-router)#nei 192.168.14.1 remote-as 1
R4(config-router)#^Z
R4#
Now onto J1 for ebgp
J1:
[edit]
jfry@J1# set routing-options autonomous-system 1
I am going to deviate a bit here on how I have been doing the policies. Now that you should be familiar with the set based way to do it, I will use the edit based way. I will edit my policy statement:
[edit]
jfry@J1# edit policy-options policy-statement ebgp
Then edit my first term to accept OSPF Area 0 routes:
[edit policy-options policy-statement ebgp]
jfry@J1# edit term 1
[edit policy-options policy-statement ebgp term 1]
jfry@J1# set from protocol ospf area 0
[edit policy-options policy-statement ebgp term 1]
jfry@J1# set then accept
Then move up one Stanza in the edit config:
[edit policy-options policy-statement ebgp term 1]
jfry@J1# up
And now edit Term 2 to accept directly connected interfaces:
[edit policy-options policy-statement ebgp]
jfry@J1# edit term 2
[edit policy-options policy-statement ebgp term 2]
jfry@J1# set from protocol direct
[edit policy-options policy-statement ebgp term 2]
jfry@J1# set then accept
[edit policy-options policy-statement ebgp term 2]
jfry@J1# top
Now we will edit our ebgp group like we did in the last lab:
[edit]
jfry@J1# edit protocols bgp group ebgp
[edit protocols bgp group ebgp]
jfry@J1# set type external
[edit protocols bgp group ebgp]
jfry@J1# set peer-as 4
[edit protocols bgp group ebgp]
jfry@J1# set neighbor 192.168.14.4
[edit protocols bgp group ebgp]
jfry@J1# set export ebgp
[edit protocols bgp group ebgp]
jfry@J1# commit and-quit
Now time to check the bgp neighbors:
jfry@J1> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped…
192.168.14.4 4 15 19 0 0 6:07 1/1/1/0 0/0/0/0
jfry@J1>
Good, we are neighbored with R4.
Time to check the routing table on J1:
jfry@J1> show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 03:27:14
> via lo0.0
2.2.2.2/32 *[OSPF/10] 00:22:15, metric 1
> to 192.168.12.2 via ge-0/0/0.0
3.3.3.3/32 *[OSPF/10] 00:21:23, metric 1
> to 192.168.13.3 via fe-0/0/2.0
4.4.4.4/32 *[BGP/170] 00:00:48, MED 0, localpref 100
AS path: 4 I
> to 192.168.14.4 via fe-0/0/7.0
192.168.12.0/24 *[Direct/0] 03:26:03
> via ge-0/0/0.0
192.168.12.1/32 *[Local/0] 03:26:33
Local via ge-0/0/0.0
192.168.13.0/24 *[Direct/0] 03:26:28
> via fe-0/0/2.0
192.168.13.1/32 *[Local/0] 03:26:32
Local via fe-0/0/2.0
192.168.14.0/24 *[Direct/0] 03:26:28
> via fe-0/0/7.0
192.168.14.1/32 *[Local/0] 03:26:32
Local via fe-0/0/7.0
192.168.23.0/24 *[OSPF/10] 00:21:23, metric 2
> to 192.168.12.2 via ge-0/0/0.0
to 192.168.13.3 via fe-0/0/2.0
224.0.0.5/32 *[OSPF/10] 00:23:46, metric 1
MultiRecv
jfry@J1>
Good, now to check R4:
R4#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
B 192.168.12.0/24 [20/0] via 192.168.14.1, 00:06:52
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 192.168.14.1, 00:06:52
B 192.168.13.0/24 [20/0] via 192.168.14.1, 00:06:52
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/1] via 192.168.14.1, 00:06:52
C 192.168.14.0/24 is directly connected, Ethernet0
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [20/1] via 192.168.14.1, 00:06:52
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
B 192.168.23.0/24 [20/2] via 192.168.14.1, 00:06:52
R4#
Cool both routers have all the routes. Now, time to check if R4 can PING J1 loopback:
R4# ping 1.1.1.1 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R4#
Good, how about J2 loopback:
R4#ping 2.2.2.2 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
…..
Success rate is 0 percent (0/5)
R4#
Nope, why is this? Let’s check J2 routing table:
jfry@J2> show route
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both
1.1.1.1/32 *[OSPF/10] 00:24:37, metric 1
> to 192.168.12.1 via ge-0/0/0.0
2.2.2.2/32 *[Direct/0] 03:29:29
> via lo0.0
3.3.3.3/32 *[OSPF/10] 00:23:43, metric 1
> to 192.168.23.3 via ge-0/0/1.0
192.168.12.0/24 *[Direct/0] 03:28:25
> via ge-0/0/0.0
192.168.12.2/32 *[Local/0] 03:28:31
Local via ge-0/0/0.0
192.168.13.0/24 *[OSPF/10] 00:23:43, metric 2
to 192.168.12.1 via ge-0/0/0.0
> to 192.168.23.3 via ge-0/0/1.0
192.168.23.0/24 *[Direct/0] 03:28:26
> via ge-0/0/1.0
192.168.23.2/32 *[Local/0] 03:28:30
Local via ge-0/0/1.0
224.0.0.5/32 *[OSPF/10] 00:24:47, metric 1
MultiRecv
jfry@J2>
Hmm, no route. Why? Well, it is because we did not redistribute routes from BGP to OSPF on J1. J
Time to configure that on J1:
jfry@J1> edit
Entering configuration mode
[edit]
jfry@J1# edit policy-options policy-statement ospf
[edit policy-options policy-statement ospf]
jfry@J1# edit term 1
[edit policy-options policy-statement ospf term 1]
jfry@J1# set from protocol bgp
[edit policy-options policy-statement ospf term 1]
jfry@J1# set then accept
[edit policy-options policy-statement ospf term 1]
jfry@J1# top
[edit]
jfry@J1# edit protocols ospf
[edit protocols ospf]
jfry@J1# set export ospf
[edit protocols ospf]
jfry@J1# commit and-quit
Ok, time to check the routing table on J2:
jfry@J2> show route protocol ospf
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both
1.1.1.1/32 *[OSPF/10] 00:31:25, metric 1
> to 192.168.12.1 via ge-0/0/0.0
3.3.3.3/32 *[OSPF/10] 00:30:31, metric 1
> to 192.168.23.3 via ge-0/0/1.0
4.4.4.4/32 *[OSPF/150] 00:02:12, metric 0, tag 0
> to 192.168.12.1 via ge-0/0/0.0
192.168.13.0/24 *[OSPF/10] 00:30:31, metric 2
to 192.168.12.1 via ge-0/0/0.0
> to 192.168.23.3 via ge-0/0/1.0
224.0.0.5/32 *[OSPF/10] 00:31:35, metric 1
MultiRecv
Good, now we can retest R4 ping to J2:
R4#ping 2.2.2.2 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
Ok, now to MD5 Auth between J1 and R4 for good measure.
R4 first:
R4(config)#nei
R4(config)#router bgp 4
R4(config-router)#neighbor 192.168.14.1 password 0 JunosIOS
And now J1:
jfry@J1> edit
Entering configuration mode
[edit]
jfry@J1# edit protocols bgp group ebgp
Authentication is configured under the neighbor:
[edit protocols bgp group ebgp]
jfry@J1# edit neighbor 192.168.14.4
And now we configure the password:
[edit protocols bgp group ebgp neighbor 192.168.14.4]
jfry@J1# set authentication-key JunosIOS
[edit protocols bgp group ebgp neighbor 192.168.14.4]
jfry@J1# commit and-quit
commit complete
Exiting configuration mode
jfry@J1
Ok, We should have a bgp neighbor now:
jfry@J1> show bgp neighbor 192.168.14.4
Peer: 192.168.14.4+11005 AS 4 Local: 192.168.14.1+179 AS 1
Type: External State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ ebgp ]
Options: <Preference AuthKey PeerAS Refresh>
Authentication key is configured
There we go, BGP authentication!