Tags

,

Junos_sw_logo

Ok, time for some eBGP between Cisco and Juniper

Ebgp c to j

Before we begin this lab, reset all the configs back to the rescue/base before beginning.

 

Ok, let’s configure our J1-J2-J3 OSPF Configuration.

 

J1:

jfry@J1> edit   

Entering configuration mode

 

[edit]

jfry@J1# edit protocols ospf area 0 

 

[edit protocols ospf area 0.0.0.0]

jfry@J1# set interface ge-0/0/0

 

[edit protocols ospf area 0.0.0.0]

jfry@J1# set interface fe-0/0/2

 

 

[edit protocols ospf area 0.0.0.0]

jfry@J1# set interface lo0 passive

 

[edit protocols ospf area 0.0.0.0]

jfry@J1# commit and-quit

 

Now, J2:

jfry@J2> edit

Entering configuration mode

 

[edit]

jfry@J2# edit protocols ospf area 0

 

[edit protocols ospf area 0.0.0.0]

jfry@J2# set interface ge-0/0/0

 

[edit protocols ospf area 0.0.0.0]

jfry@J2# set interface ge-0/0/1   

 

[edit protocols ospf area 0.0.0.0]

jfry@J2# set interface lo0 passive

 

[edit protocols ospf area 0.0.0.0]

jfry@J2# commit and-quit

 

And finally, J3:

jfry@J3> edit

Entering configuration mode

 

[edit]

jfry@J3# edit protocols ospf area 0

 

[edit protocols ospf area 0.0.0.0]

jfry@J3# set interface fe-0/0/1

 

[edit protocols ospf area 0.0.0.0]

jfry@J3# set interface fe-0/0/2

 

[edit protocols ospf area 0.0.0.0]

jfry@J3# set interface lo0 passive

 

[edit protocols ospf area 0.0.0.0]

jfry@J3# commit and-quit

 

 

 

Ok, back to J1 to check on the state of our OSPF and routing table

First up, let’s check our neighbors:

jfry@J1> show ospf neighbor

Address          Interface              State     ID               Pri  Dead

192.168.13.3     fe-0/0/2.0             Full      3.3.3.3          128    38

192.168.12.2     ge-0/0/0.0             Full      2.2.2.2          128    33

 

Good, and now our ospf routing table:

jfry@J1> show route protocol ospf

 

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

+ = Active Route, – = Last Active, * = Both

 

2.2.2.2/32         *[OSPF/10] 00:02:21, metric 1

                    > to 192.168.12.2 via ge-0/0/0.0

3.3.3.3/32         *[OSPF/10] 00:01:29, metric 1

                    > to 192.168.13.3 via fe-0/0/2.0

192.168.23.0/24    *[OSPF/10] 00:01:29, metric 2

                    > to 192.168.12.2 via ge-0/0/0.0

                      to 192.168.13.3 via fe-0/0/2.0

224.0.0.5/32       *[OSPF/10] 00:03:52, metric 1

                      MultiRecv

 

jfry@J1>

 

Looking good.  Now we can configure ebgp between J1 and R4:

R4 up first for BGP.

R4#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R4(config)#router bgp 4

R4(config-router)#no au

R4(config-router)#net 4.4.4.4 mask 255.255.255.0

R4(config-router)#nei 192.168.14.1 remote-as 1

R4(config-router)#^Z

R4#

 

 

 

Now onto J1 for ebgp

J1:

[edit]

jfry@J1# set routing-options autonomous-system 1

 

I am going to deviate a bit here on how I have been doing the policies.  Now that you should be familiar with the set based way to do it, I will use the edit based way.   I will edit my policy statement:

[edit]

jfry@J1# edit policy-options policy-statement ebgp

 

Then edit my first term to accept OSPF Area 0 routes:

[edit policy-options policy-statement ebgp]

jfry@J1# edit term 1

 

[edit policy-options policy-statement ebgp term 1]

jfry@J1# set from protocol ospf area 0

 

[edit policy-options policy-statement ebgp term 1]

jfry@J1# set then accept

 

Then move up one Stanza in the edit config:

[edit policy-options policy-statement ebgp term 1]

jfry@J1# up

 

And now edit Term 2 to accept directly connected interfaces:

[edit policy-options policy-statement ebgp]

jfry@J1# edit term 2

 

[edit policy-options policy-statement ebgp term 2]

jfry@J1# set from protocol direct

 

[edit policy-options policy-statement ebgp term 2]

jfry@J1# set then accept 

 

[edit policy-options policy-statement ebgp term 2]

jfry@J1# top

 

Now we will edit our ebgp group like we did in the last lab:

[edit]

jfry@J1# edit protocols bgp group ebgp

 

[edit protocols bgp group ebgp]

jfry@J1# set type external

 

[edit protocols bgp group ebgp]

jfry@J1# set peer-as 4

 

[edit protocols bgp group ebgp]

jfry@J1# set neighbor 192.168.14.4

 

[edit protocols bgp group ebgp]

jfry@J1# set export ebgp

 

[edit protocols bgp group ebgp]

jfry@J1# commit and-quit

 

Now time to check the bgp neighbors:

jfry@J1> show bgp summary   

Groups: 1 Peers: 1 Down peers: 0

Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending

inet.0              

                       1          1          0          0          0          0

Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped…

192.168.14.4              4         15         19       0       0        6:07 1/1/1/0              0/0/0/0

 

jfry@J1>

Good, we are neighbored with R4. 

Time to check the routing table on J1:
jfry@J1> show route   

 

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)

+ = Active Route, – = Last Active, * = Both

 

1.1.1.1/32         *[Direct/0] 03:27:14

                    > via lo0.0

2.2.2.2/32         *[OSPF/10] 00:22:15, metric 1

                    > to 192.168.12.2 via ge-0/0/0.0

3.3.3.3/32         *[OSPF/10] 00:21:23, metric 1

                    > to 192.168.13.3 via fe-0/0/2.0

4.4.4.4/32         *[BGP/170] 00:00:48, MED 0, localpref 100

                      AS path: 4 I

                    > to 192.168.14.4 via fe-0/0/7.0

192.168.12.0/24    *[Direct/0] 03:26:03

                    > via ge-0/0/0.0

192.168.12.1/32    *[Local/0] 03:26:33

                      Local via ge-0/0/0.0

192.168.13.0/24    *[Direct/0] 03:26:28

                    > via fe-0/0/2.0

192.168.13.1/32    *[Local/0] 03:26:32

                      Local via fe-0/0/2.0

192.168.14.0/24    *[Direct/0] 03:26:28

                    > via fe-0/0/7.0

192.168.14.1/32    *[Local/0] 03:26:32 

                      Local via fe-0/0/7.0

192.168.23.0/24    *[OSPF/10] 00:21:23, metric 2

                    > to 192.168.12.2 via ge-0/0/0.0

                      to 192.168.13.3 via fe-0/0/2.0

224.0.0.5/32       *[OSPF/10] 00:23:46, metric 1

                      MultiRecv

                                       

jfry@J1>

 

Good, now to check R4:

R4#sh ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

       E1 – OSPF external type 1, E2 – OSPF external type 2

       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

       ia – IS-IS inter area, * – candidate default, U – per-user static route

       o – ODR, P – periodic downloaded static route

 

Gateway of last resort is not set

 

B    192.168.12.0/24 [20/0] via 192.168.14.1, 00:06:52

     1.0.0.0/32 is subnetted, 1 subnets

B       1.1.1.1 [20/0] via 192.168.14.1, 00:06:52

B    192.168.13.0/24 [20/0] via 192.168.14.1, 00:06:52

     2.0.0.0/32 is subnetted, 1 subnets

B       2.2.2.2 [20/1] via 192.168.14.1, 00:06:52

C    192.168.14.0/24 is directly connected, Ethernet0

     3.0.0.0/32 is subnetted, 1 subnets

B       3.3.3.3 [20/1] via 192.168.14.1, 00:06:52

     4.0.0.0/32 is subnetted, 1 subnets

C       4.4.4.4 is directly connected, Loopback0

B    192.168.23.0/24 [20/2] via 192.168.14.1, 00:06:52

R4#

 

Cool both routers have all the routes.  Now, time to check if R4 can PING J1 loopback:

R4# ping 1.1.1.1 so l0

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 4.4.4.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R4#

 

 

 

Good, how about J2 loopback:

R4#ping 2.2.2.2 so l0

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 4.4.4.4

…..

Success rate is 0 percent (0/5)

R4#

 

Nope, why is this?  Let’s check J2 routing table:

jfry@J2> show route

 

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)

+ = Active Route, – = Last Active, * = Both

 

1.1.1.1/32         *[OSPF/10] 00:24:37, metric 1

                    > to 192.168.12.1 via ge-0/0/0.0

2.2.2.2/32         *[Direct/0] 03:29:29

                    > via lo0.0

3.3.3.3/32         *[OSPF/10] 00:23:43, metric 1

                    > to 192.168.23.3 via ge-0/0/1.0

192.168.12.0/24    *[Direct/0] 03:28:25

                    > via ge-0/0/0.0

192.168.12.2/32    *[Local/0] 03:28:31

                      Local via ge-0/0/0.0

192.168.13.0/24    *[OSPF/10] 00:23:43, metric 2

                      to 192.168.12.1 via ge-0/0/0.0

                    > to 192.168.23.3 via ge-0/0/1.0

192.168.23.0/24    *[Direct/0] 03:28:26

                    > via ge-0/0/1.0

192.168.23.2/32    *[Local/0] 03:28:30

                      Local via ge-0/0/1.0

224.0.0.5/32       *[OSPF/10] 00:24:47, metric 1

                      MultiRecv

                                       

jfry@J2>

 

Hmm, no route.  Why?  Well, it is because we did not redistribute routes from BGP to OSPF on J1. J

Time to configure that on J1:

jfry@J1> edit

Entering configuration mode

 

[edit]

jfry@J1# edit policy-options policy-statement ospf

 

[edit policy-options policy-statement ospf]

jfry@J1# edit term 1

 

[edit policy-options policy-statement ospf term 1]

jfry@J1# set from protocol bgp

 

[edit policy-options policy-statement ospf term 1]

jfry@J1# set then accept

 

[edit policy-options policy-statement ospf term 1]

jfry@J1# top        

 

[edit]

jfry@J1# edit protocols ospf

 

[edit protocols ospf]

jfry@J1# set export ospf

 

 [edit protocols ospf]

jfry@J1# commit and-quit

 

Ok, time to check the routing table on J2:

jfry@J2> show route protocol ospf   

 

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

+ = Active Route, – = Last Active, * = Both

 

1.1.1.1/32         *[OSPF/10] 00:31:25, metric 1

                    > to 192.168.12.1 via ge-0/0/0.0

3.3.3.3/32         *[OSPF/10] 00:30:31, metric 1

                    > to 192.168.23.3 via ge-0/0/1.0

4.4.4.4/32         *[OSPF/150] 00:02:12, metric 0, tag 0

                    > to 192.168.12.1 via ge-0/0/0.0

192.168.13.0/24    *[OSPF/10] 00:30:31, metric 2

                      to 192.168.12.1 via ge-0/0/0.0

                    > to 192.168.23.3 via ge-0/0/1.0

224.0.0.5/32       *[OSPF/10] 00:31:35, metric 1

                      MultiRecv

 

Good, now we can retest R4 ping to J2:

R4#ping 2.2.2.2 so l0

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 4.4.4.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms

Ok, now to MD5 Auth between J1 and R4 for good measure.

 

R4 first:

R4(config)#nei

R4(config)#router bgp 4

R4(config-router)#neighbor 192.168.14.1 password 0 JunosIOS

 

And now J1:

jfry@J1> edit

Entering configuration mode

 

[edit]

jfry@J1# edit protocols bgp group ebgp

 

Authentication is configured under the neighbor:

[edit protocols bgp group ebgp]

jfry@J1# edit neighbor 192.168.14.4 

 

And now we configure the password:

[edit protocols bgp group ebgp neighbor 192.168.14.4]

jfry@J1# set authentication-key JunosIOS

 

[edit protocols bgp group ebgp neighbor 192.168.14.4]

jfry@J1# commit and-quit

commit complete

Exiting configuration mode

 

jfry@J1

 

Ok, We should have a bgp neighbor now:
jfry@J1> show bgp neighbor 192.168.14.4   

Peer: 192.168.14.4+11005 AS 4  Local: 192.168.14.1+179 AS 1   

  Type: External    State: Established    Flags: <Sync>

  Last State: OpenConfirm   Last Event: RecvKeepAlive

  Last Error: None

  Export: [ ebgp ]

  Options: <Preference AuthKey PeerAS Refresh>

  Authentication key is configured

 

There we go, BGP authentication!