[c-nsp] bgp config 3750 -> 7200
Michael Smith
mksmith.lists at gmail.com
Wed Jul 20 02:20:04 EDT 2005
On Jul 19, 2005, at 6:25 PM, Shaun Reitan wrote:
> A person I know wants to use me as a redundant connection for his company.
> I already have his DS3 turned up and IPs bound to routers on both sides
> (they are pinging OK). This is my first attempt at setting up BGP from an
> ISP level; I've set up the other end a few times (I'm no expert), and before
> I go turning things up I want to make sure that I have the proper
> configuration in my switch so that he cannot affect any of my customers.
> Below is my current BGP config that I'm using to peer with my provider. I
> am only being sent (and only accepting) default route from my provider for
> now, but I may change that in the future (plans are to get 7206VXRs), but I
> also only want to send default route.
>
> router bgp 33xxx
> no synchronization
> bgp log-neighbor-changes
> network 204.10.xxx.0 mask 255.255.252.0
> neighbor provider1 peer-group
> neighbor provider1 remote-as xxxx
> neighbor provider1 ebgp-multihop 3
> neighbor provider1 update-source FastEthernet1/0/1
> neighbor provider1 send-community
> neighbor provider1 prefix-list default_only in
> neighbor provider1 prefix-list my_routes out
> neighbor 216.23.xxx.xxx peer-group provider1
> neighbor 216.23.xxx.xxx peer-group provider1
> no auto-summary
> !
> ip bgp-community new-format
> !
> ip prefix-list default_only seq 5 permit 0.0.0.0/0
> !
> ip prefix-list my_routes seq 5 permit 204.10.xxx.0/22 le 32
> !
>
>
> I plan to add the following and was hoping to get your feedback and
> recommendations about things I should change or implement. I plan to add
> the following to my switch. I'm doing multihop because there is an older
> router that the guy supplied so that he could convert the DS3 to Ethernet.
>
> network 216.73.xxx.0 mask 255.255.248.0
> neighbor 204.10.xxx.xxx remote-as 22xxx
> neighbor 204.10.xxx.xxx send-community
> neighbor 204.10.xxx.xxx ebgp-multihop 3
> neighbor 204.10.xxx.xxx prefix-list customerA:AS22xxx in
> neighbor 204.10.xxx.xxx default-originate
> !
> ip prefix-list CustomerA:AS22xxx 216.73.xxx.0/19 le 32
>
>
>
> From what I can tell, the ISP end doesn't look too much different from the
> customer end except that I am filtering what I receive from him. Thanks in
> advance, I hope I'm not out in left field! :)
>
> ~Shaun
>
Hi Shaun:
I would add/remove the following with explanations. In the YMMV
category, you could get a heck of a lot more complex if you wanted,
but this should do the trick.
<add>
neighbor 204.10.xxx.xxx prefix-list default_only out
comment: This way, you won't ever send more specific routes at such a
time as you accept them from your upstream.
</add>
<remove>
network 216.73.xxx.0 mask 255.255.248.0
comment: if your customer is announcing that block to you via the
connection then you don't want/need to have a network statement in
your BGP config for that block.
</remove>
<remove>
neighbor 204.10.xxx.xxx ebgp-multihop 3
comment: I'm assuming you are directly connected to your downstream
so there is no need for a multihop allow.
</remove>
You may also want to add a password statement for both your upstream
and downstream connections given the latest FUD in the networking
community related to hijacking of BGP sessions.
There are lots of other nerd knobs to tweak if you so desire, but I
think the above, summarized below, will be sufficient for your
immediate needs.
<summary>
neighbor 204.10.xxx.xxx remote-as 22xxx
neighbor 204.10.xxx.xxx description Some Text Here
neighbor 204.10.xxx.xxx password <some agreed-upon password>
neighbor 204.10.xxx.xxx send-community
neighbor 204.10.xxx.xxx prefix-list CustomerA:AS22xxx in
neighbor 204.10.xxx.xxx prefix-list default_only out
neighbor 204.10.xxx.xxx default-originate
!
ip prefix-list CustomerA:AS22xxx permit 216.73.xxx.0/19 le 32
</summary>
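
Added example, not part of the original message or either poster's config: a small Python model of how IOS evaluates the two prefix-lists discussed above, showing which announcements the inbound customer filter (`le 32`) admits and what `default_only` lets out. The 10.32.0.0/19 block and the sample routes are constructed stand-ins for the masked addresses in the thread.

```python
import ipaddress

def parse_entry(entry):
    """Parse the tail of an IOS prefix-list line: 'permit|deny NET/LEN [ge N] [le N]'."""
    tok = entry.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no ge/le: exact prefix length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return action, net, lo, hi

def evaluate(prefix_list, route):
    """Return 'permit' or 'deny' for one announced route; first match wins."""
    route = ipaddress.ip_network(route)
    for entry in prefix_list:
        action, net, lo, hi = parse_entry(entry)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"                          # implicit deny at the end of every list

def filter_updates(prefix_list, routes):
    """Routes that survive the filter, in the order they were announced."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# Constructed stand-ins for the lists in the thread.
CUSTOMER_IN = ["permit 10.32.0.0/19 le 32"]   # inbound filter on the customer session
DEFAULT_ONLY = ["permit 0.0.0.0/0"]           # outbound filter toward the customer

# Constructed announcements a customer session might carry.
FROM_CUSTOMER = [
    "10.32.0.0/19",    # the customer's aggregate
    "10.32.8.0/24",    # a more-specific inside it
    "10.32.8.1/32",    # a host route inside it ('le 32' still admits this)
    "10.32.32.0/24",   # adjacent space outside the /19
    "10.0.0.0/8",      # a covering prefix
    "0.0.0.0/0",       # a default route
]

if __name__ == "__main__":
    for r in FROM_CUSTOMER:
        print(f"in  {r:16} {evaluate(CUSTOMER_IN, r)}")
    for r in ["0.0.0.0/0", "10.32.0.0/19"]:
        print(f"out {r:16} {evaluate(DEFAULT_ONLY, r)}")
```
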