In our R&S CCIE Mock Lab 2 there is a BGP task that relates to having a particular router prefer an iBGP route as the preferred path to exit its local AS over an eBGP learned path. This seems like a very simple task and it is if you are very thorough with your verification but it ends up being the most commonly missed task in this particular mock lab. Lets start by going over the task and the solution most commonly implemented by students.
In the lab R1, R2 and SW2 are in AS 300. R1 and R2 each have an eBGP peering session with R3. The task states that AS 300 should use the T1 link between R1 and R3 to reach paths originating in AS 54 (BB3). R3 (sub-AS 65003) appears as AS 100 but is actually in a confederation with R4 (sub-AS 65004) and R5 (sub-AS 65005). This doesn’t have any bearing on the task but needs to be mentioned for clarification when looking at the diagram and the output of the show commands. Below is the full task and the diagram (click the image to enlarge).
So the task is asking R1 to be the preferred exit point for AS 300 to paths originating in AS 54. This means we should use R1′s T1 circuit to R3 over the Frame Relay link between R2 and R3 to exit AS 300 to reach AS 54. Since this task requires that the configuration be done on R1, the simplest solution is just to set the local preference on R1 for paths originating in AS 54 so that R1′s iBGP path will be selected over R2′s eBGP path learned directly from R3. As we know from the BGP Best Path Selection Algorithm that local preference is used (step 2) to select the best path after weight. Lets look at a particular BGP learned path on R2 before we change the local preference on R1. We’ll look at the 22.214.171.124/8 network that is being originated by BB3 (AS 54).
Rack1R2#show ip bgp 126.96.36.199/8 BGP routing table entry for 188.8.131.52/8, version 27 Paths: (2 available, best #2, table Default-IP-Routing-Table) Advertised to update-groups: 2 3 100 54 184.108.40.206 (metric 6023936) from 220.127.116.11 (18.104.22.168) <-- 22.214.171.124 is R1's BGP Router-ID Origin IGP, metric 0, localpref 100, valid, internal 100 54 126.96.36.199 from 188.8.131.52 (184.108.40.206) <-- 220.127.116.11 is R3's BGP Router-ID Origin IGP, localpref 100, valid, external, best Rack1R2#
As we can see R2 is by default preferring the eBGP path from R3 over the iBGP path from R1. This is number 7 in the BGP Best Path Selection Algorithm (eBGP over iBGP). To have R2 prefer R1 with only making changes to R1 we’re going to change the local preference for paths originating in AS 54. Here is the solution simular to what most students apply to R1.
router bgp 300 neighbor 18.104.22.168 route-map LOCAL_PREFERENCE in ! ip as-path access-list 1 permit _54$ ! route-map LOCAL_PREFERENCE permit 10 match as-path 1 set local-preference 200 ! route-map LOCAL_PREFERENCE permit 20
Now lets look at that 22.214.171.124/8 path on R2 after the above configuration is applied.
Rack1R2#show ip bgp 126.96.36.199/8 BGP routing table entry for 188.8.131.52/8, version 35 Paths: (2 available, best #1, table Default-IP-Routing-Table) Advertised to update-groups: 3 100 54 184.108.40.206 (metric 6023936) from 220.127.116.11 (18.104.22.168) Origin IGP, metric 0, localpref 200, valid, internal, best 100 54 22.214.171.124 from 126.96.36.199 (188.8.131.52) Origin IGP, localpref 100, valid, external Rack1R2#
We can see now that R2 prefers the iBGP path from R1 over the eBGP path from R3 due to the higher local preference set by R1 (200 as opposed to the default of 100). Most students now believe that they are done with the task and move on but this solution isn’t complete. Lets look at why.
First off lets reread the second bullet point in the task. It states that AS 300 should use the T1 link and although BGP is selecting R1′s iBGP path, the next-hop is still R3 (184.108.40.206). We need to look further into how R2 is going to route to the next-hop for the iBGP path.
Rack1R2#show ip route 220.127.116.11 Routing entry for 18.104.22.168/24 Known via "eigrp 100", distance 90, metric 6023936, type internal Redistributing via eigrp 100 Last update from 22.214.171.124 on Serial0/0/0.23, 00:00:58 ago Routing Descriptor Blocks: * 126.96.36.199, from 188.8.131.52, 00:00:58 ago, via Serial0/0/0.23 Route metric is 6023936, traffic share count is 1 Total delay is 40000 microseconds, minimum bandwidth is 512 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Rack1R2#
As we can see R2 will still route directly to R3 over the Frame Relay connection to reach the 184.108.40.206/8 (BGP AS 54) network as opposed to using the T1 link between R1 and R3. We will traceroute to verify this.
Rack1R2#traceroute 220.127.116.11 Type escape sequence to abort. Tracing the route to 18.104.22.168 1 22.214.171.124 32 msec 28 msec 28 msec <-- Frame Relay link 2 126.96.36.199 56 msec 56 msec 56 msec 3 188.8.131.52 56 msec 60 msec 56 msec 4 172.16.4.1 36 msec * 36 msec Rack1R2#
This is obviously a problem because R2 isn’t using the T1 link to exit AS 300 for AS 54 originated paths. Not resolving this issue next-hop issue is the reason this task is one of the most commonly missed tasks for Mock Lab 2. Most students use the BGP show commands and ping for verification but aren’t tracerouting to see what path is actually being used by R2.
The two simplest solutions to resolve this issue would be to either alter the IGP metrics, in the case EIGRP, so that for R2 to reach the next-hop (184.108.40.206) for the iBGP path, R2 uses R1. Another simple option would be to use the next-hop-self option on the end of the BGP neighbor command on R1 pointing to R2. Lets now add that on R1 and then go back and verify that R2 is using the T1 link to exit AS 300.
router bgp 300 neighbor 220.127.116.11 next-hop-self
Now verify the next-hop has changed.
Rack1R2#show ip bgp 18.104.22.168/8 BGP routing table entry for 22.214.171.124/8, version 43 Paths: (2 available, best #1, table Default-IP-Routing-Table) Flag: 0x940 Advertised to update-groups: 3 100 54 126.96.36.199 from 188.8.131.52 (184.108.40.206) Origin IGP, metric 0, localpref 200, valid, internal, best 100 54 220.127.116.11 from 18.104.22.168 (22.214.171.124) Origin IGP, localpref 100, valid, external Rack1R2#
Finally we just need to traceroute from R2 to ensure that the T1 is the exit point for AS 300 to reach paths originating in AS 54.
Rack1R2#traceroute 126.96.36.199 Type escape sequence to abort. Tracing the route to 188.8.131.52 1 184.108.40.206 28 msec 28 msec 28 msec 2 220.127.116.11 32 msec 36 msec 36 msec 3 18.104.22.168 60 msec 64 msec 64 msec 4 22.214.171.124 60 msec 64 msec 64 msec 5 172.16.4.1 36 msec * 36 msec Rack1R2#
To summarize remember when asked to prefer one route over another that you should also traceroute to verify that the preferred path is actually being used and not just selected as best.
Good luck with your studies!
Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
About Brian Dennis, CCIE #2210:
Brian Dennis has been in the networking industry for more than 22 years, with a focus on Cisco networking for the past 16 years. Brian achieved his first CCIE in Routing & Switching in 1996, and is currently the only ten year CCIE that holds five CCIE certifications. Prior to working with INE, Brian taught and developed CCIE preparation courses for various well known training organizations. Brian not only brings his years of teaching experience to the classroom, but also years of real world enterprise and service provider experience.
7 Responses to “BGP Route Preference – The Mostly Commonly Missed Task in R&S CCIE Mock Lab 2”
Leave a Reply