Routing Notes: BGP Setup and Configuration Instructions

6 BGP Installation & Configuration Instructions

Guidelines for T2 side of the peering:

– Transit networks must use T2 address space: 101.185.96.0 255.255.224.0

– Allows better network isolation in conjunction with the perimeter ACL (see below).

– Transit network interfaces on T2 devices must be configured with existing perimeter ACL:
‘ip access-group VTM_TIER2_39464 in’

– Restricts external access to T2 internal devices, while allowing transit traffic. Goal is to protect T2 interior devices from targeted and untargeted attacks, or other service-impacting traffic-related conditions.

– Transit network interfaces on T2 devices must be configured with existing inbound policy: ‘service-policy input mark_control’

– Sets any inbound packets marked with TOS of 6 or 7 to TOS 0, giving priority to T2 internal routing protocols, and other internal T2 traffic, in QOS queues. All other packets accepted unaltered. Goal is to increase T2 stability.

– Transit network interfaces on T2 devices must be enabled for Netflow: ‘ip route-cache flow’

– Transit network interfaces on T2 and T3 devices:

– Must not allow OSPF to form an adjacency.

– Interfaces must be ‘passive’ in OSPF. ‘Passive-interface default’ preferred.

– Should be configured using an MTU size of 1600.

– BGP timers are set to 2 and 8 on T2. While these are adequate for fast re-convergence, timers may be set differently on individual peers as required by the various component architectures.

– EBGP peering configuration:

– Use peer-groups for multiple peerings to the same external AS.

– ‘next-hop-self’, while not strictly required, is added for conformity.

– ‘send-community’ is required for basic community support (‘both’ or ‘extended’ keywords not required)

– ‘soft-reconfiguration inbound’ is required for ease of maintenance/troubleshooting

– Prefix-list ‘DEFAULT-ONLY’ should be used, as required, to filter routes outbound, permitting only the default.

– Prefix-list ‘DEFAULT-ONLY’ may not pre-exist. As required add:
‘ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0’

– Existing route-map CLEAR-COMMUNITY clears the 100:xxx community if it was set at a lower tier, and resets it appropriately (100:1 for NA).

– Route filtering:

– The preferred option is for T3 ASs to accept only the default route from T2. This configuration requires the least maintenance.

– For legacy conversions, the safest decision may be to continue sending all existing routes plus default. This configuration will eliminate most future maintenance.

– All additional route filtering, except as indicated below, should occur on the T3 side of the peering using appropriate inbound and outbound route-maps or prefix lists.

– Multicast support:

– PIM should only be enabled on T2 interfaces that peer to AS’s with a multicast requirement.

– Required configuration:

ip pim query-interval 5
ip pim sparse-mode
ip multicast boundary MST_Tier3AS_Multicast_Boundary

EXAMPLES T2 to T3:

– Typical T2 router interface configuration:

interface GigabitEthernetx/x
 description BGP link to ??????? Gy/y
 mtu 1600
 ip address 101.185.a.a 255.255.255.252
 ip access-group VTM_TIER2_33464 in
 ip pim query-interval 5
 ip pim sparse-mode
 ip multicast boundary MST_Tier3AS_Multicast_Boundary
 ip route-cache flow
 wrr-queue cos-map 2 2 3 ! NOTE:
 wrr-queue cos-map 3 2 4 ! Cos-maps differ depending on hardware.
 wrr-queue cos-map 3 7 6 7 ! Ensure use of correct cos-map. See QOS Standard.
 mls qos trust dscp
 service-policy input mark_control
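
The T2 transit-interface requirements above (perimeter ACL, mark_control policy, Netflow, MTU 1600, passive in OSPF) can be checked mechanically against a saved configuration. The following Python check is an added example, not part of the original notes; the function names and the sample configuration with its interface numbers are constructed for illustration.

```python
import re

REQUIRED = {  # sub-commands the guidelines above require on a T2 transit interface
    "perimeter ACL inbound": r"ip access-group \S+ in",
    "input policy mark_control": r"service-policy input mark_control",
    "NetFlow": r"ip route-cache flow",
    "MTU 1600": r"mtu 1600",
}

def parse_sections(config):
    """Map each 'interface X' / 'router X' header to its sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()          # drop trailing '!' comments
        if line.startswith(("interface ", "router ")):
            current = sections.setdefault(line, [])
        elif raw.strip() == "!":                  # a bare '!' closes the section
            current = None
        elif line and current is not None:
            current.append(line)
    return sections

def audit_transit(config, transit_ifs):
    """Return {interface: [guideline items not met]} for the named interfaces."""
    sections = parse_sections(config)
    ospf = [c for h, cmds in sections.items() if h.startswith("router ospf") for c in cmds]
    findings = {}
    for name in transit_ifs:
        cmds = sections.get("interface " + name, [])
        gaps = [k for k, pat in REQUIRED.items() if not any(re.fullmatch(pat, c) for c in cmds)]
        passive = ("passive-interface " + name in ospf or
                   ("passive-interface default" in ospf and "no passive-interface " + name not in ospf))
        if ospf and not passive:
            gaps.append("OSPF passive")
        findings[name] = gaps
    return findings

# Constructed sample: GigabitEthernet1/1 follows the guidelines, GigabitEthernet1/2 does not.
SAMPLE = """interface GigabitEthernet1/1
 mtu 1600
 ip access-group VTM_TIER2_33464 in
 ip route-cache flow
 service-policy input mark_control
interface GigabitEthernet1/2
 ip route-cache flow
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet1/2
"""
```

Calling audit_transit(SAMPLE, [...]) with both interface names returns an empty list for the first interface and the unmet items for the second.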

– Typical EBGP peer configuration – default only:

neighbor xxxxxxx peer-group
neighbor xxxxxxx remote-as yyyyy
neighbor xxxxxxx next-hop-self
neighbor xxxxxxx send-community
neighbor xxxxxxx default-originate
neighbor xxxxxxx soft-reconfiguration inbound
neighbor xxxxxxx prefix-list DEFAULT-ONLY out
neighbor xxxxxxx route-map CLEAR-COMMUNITY in
neighbor 101.185.c.c peer-group xxxxxxx
neighbor 101.185.c.c description ????????
neighbor 101.185.d.d peer-group xxxxxxx
neighbor 101.185.d.d description ????????
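
The DEFAULT-ONLY entry used in the configuration above carries no ‘ge’ or ‘le’ keyword, so it matches only the exact prefix length and permits the default route and nothing else; everything else falls to the implicit deny. The following Python model of prefix-list matching is an added example, not part of the original notes; the TOO-WIDE list and the candidate routes are constructed for comparison.

```python
import ipaddress
import re

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?")

def parse_prefix_list(lines, name):
    """Return the entries of prefix-list `name`, ordered by sequence number."""
    entries = []
    for line in lines:
        m = ENTRY.fullmatch(line.strip())
        if m and m.group(1) == name:
            net = ipaddress.ip_network(m.group(4))
            ge = int(m.group(5)) if m.group(5) else None
            le = int(m.group(6)) if m.group(6) else None
            # Without ge/le the length must match exactly; ge alone runs to /32.
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else (32 if ge is not None else net.prefixlen)
            entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def permits(entries, route):
    """First matching entry decides; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action == "permit"
    return False

def advertised(entries, routes):
    """Routes an outbound filter built from `entries` lets through."""
    return [r for r in routes if permits(entries, r)]

# Constructed inputs: the DEFAULT-ONLY line from the notes, a hypothetical
# loose variant (TOO-WIDE), and a constructed set of candidate routes.
CONFIG = [
    "ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0",
    "ip prefix-list TOO-WIDE seq 5 permit 0.0.0.0/0 le 32",
]
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "101.185.96.0/19", "192.0.2.0/24"]

if __name__ == "__main__":
    for name in ("DEFAULT-ONLY", "TOO-WIDE"):
        print(name, advertised(parse_prefix_list(CONFIG, name), ROUTES))
```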

– Typical EBGP peer configuration – all routes plus default:

neighbor xxxxxxx peer-group
neighbor xxxxxxx remote-as yyyyy
neighbor xxxxxxx next-hop-self
neighbor xxxxxxx send-community
neighbor xxxxxxx default-originate
neighbor xxxxxxx soft-reconfiguration inbound
neighbor xxxxxxx route-map CLEAR-COMMUNITY in
neighbor 101.185.c.c peer-group xxxxxxx
neighbor 101.185.c.c description ????????
neighbor 101.185.d.d peer-group xxxxxxx
neighbor 101.185.d.d description ????????

– Typical EBGP peer configuration – all routes, no default:

neighbor xxxxxxx peer-group
neighbor xxxxxxx remote-as yyyyy
neighbor xxxxxxx next-hop-self
neighbor xxxxxxx send-community
neighbor xxxxxxx soft-reconfiguration inbound
neighbor xxxxxxx route-map CLEAR-COMMUNITY in
neighbor 101.185.c.c peer-group xxxxxxx
neighbor 101.185.c.c description ????????
neighbor 101.185.d.d peer-group xxxxxxx
neighbor 101.185.d.d description ????????

EXAMPLES T3 to T2:

– Typical T3 to T2 BGP peer configuration:

router bgp xxxxx
 no synchronization
 bgp router-id y.y.y.y
 bgp log-neighbor-changes
 timers bgp 2 8
 neighbor TIER2-NA-33464 peer-group
 neighbor TIER2-NA-33464 remote-as 33464
 neighbor TIER2-NA-33464 send-community
 neighbor TIER2-NA-33464 soft-reconfiguration inbound
 neighbor TIER2-NA-33464 route-map ?????? out
 neighbor TIER2-NA-33464 route-map ?????? in
 neighbor 101.185.a.a peer-group TIER2-NA-33464
 neighbor 101.185.a.a description ????????
 neighbor 101.185.b.b peer-group TIER2-NA-33464
 neighbor 101.185.b.b description ????????
 maximum-paths 4