[f-nsp] Foundry BGP configuration
Chris Cameron
chris at upnix.com
Mon Nov 24 19:35:42 EST 2008

I'm hoping someone will be kind enough to review my Foundry
configuration, and tell me if I've missed anything obvious before I
try to deploy this on a live network.

Currently we're using a Cisco 3845 for BGP to a single provider. We're
migrating to a Foundry RX4, so this configuration is just my attempt
at a 1-for-1 configuration.

My areas of concern are:
- The prefix-list and how it is matched (default deny? Matches then stops?)
- The IP/virtual interface given to vlan100 in order to have an IP
  usable for the 1/13 to 1/16 trunk. This is quite different than what
  was done with the Cisco.
- Any defaults the Cisco may have relied on that the Foundry isn't
  configured to match

Below is the sanitized configuration. I appreciate any help.

Chris

Current configuration:
!
ver V2.4.0eT143
module 1 rx-bi-1g-24-port-fiber
module 2 rx-bi-1g-24-port-fiber
!
trunk ethe 1/13 to 1/16
!
spanning-tree
!
vlan 100
 untagged ethe 1/13 to 1/16
 router-interface ve 1
!
vlan 1 name DEFAULT-VLAN
!
!
!
aaa authentication login default radius local
radius-server host 192.168.10.100 auth-port 1645 acct-port 1646 authentication-only key 1 ...
radius-server host 192.168.10.101 auth-port 1645 acct-port 1646 authentication-only key 1 ...
clock timezone gmt GMT-07
sntp server 192.168.11.20
enable super-user-password .....
logging host 192.168.12.50
no telnet server
username root password .....
no web-management
!
ip prefix-list LinkOut description "Link outbound advertisements"
ip prefix-list LinkOut seq 5 permit 207.46.236.0/24
ip prefix-list LinkOut seq 10 deny 192.168.0.0/16
ip prefix-list LinkOut seq 15 deny 127.0.0.0/8
ip prefix-list LinkOut seq 20 deny 172.16.0.0/12
ip prefix-list LinkOut seq 25 deny 10.0.0.0/8
ip prefix-list LinkOut seq 30 deny 0.0.0.0/0
!
ip prefix-list LinkIn description "Link inbound routes"
ip prefix-list LinkIn seq 5 deny 207.46.236.0/24
ip prefix-list LinkIn seq 10 deny 10.0.0.0/8
ip prefix-list LinkIn seq 15 deny 172.16.0.0/12
ip prefix-list LinkIn seq 20 deny 192.168.0.0/16
ip prefix-list LinkIn seq 25 deny 127.0.0.0/8
ip prefix-list LinkIn seq 30 permit 0.0.0.0/0
ip route 192.168.0.0/16 192.168.1.1
!
interface management 1
 ip address 192.168.1.25/24
!
interface ethernet 1/1
 port-name External Link
 ip address 207.46.10.20/29
!
interface ve 1
 ip address 207.46.236.1/27
!
!
!
router bgp
 local-as 8071
 neighbor 207.46.10.9 remote-as 8075
 neighbor 207.46.10.9 shutdown
 neighbor 207.46.10.9 password 1 ...
 address-family ipv4 unicast
 network 207.46.236.0/24
 neighbor 207.46.10.9 prefix-list LinkIn in
 neighbor 207.46.10.9 prefix-list LinkOut out
 exit-address-family
 address-family ipv4 multicast
 exit-address-family
 address-family ipv6 unicast
 exit-address-family
 address-family ipv6 multicast
 exit-address-family
!
!
!
!
---- BEGIN SSH2 PUBLIC KEY ----
Comment: RomSecureShell DSA Public key
SSH key here ...
---- END SSH2 PUBLIC KEY ----
!
!
end
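
Added example (not part of the original post, and not Foundry code): a small Python evaluator for the two posted prefix-lists, addressing the "default deny? Matches then stops?" question. It assumes the conventional prefix-list semantics (lowest sequence number first, first match decides, an entry without ge/le matches only that exact prefix length, implicit deny at the end), which should be confirmed against the RX4 documentation for this release; the function names and the LINK_IN_LE variant are constructed for illustration.

```python
import ipaddress

# Entries copied from the posted LinkIn and LinkOut lists.
LINK_IN = """\
ip prefix-list LinkIn seq 5 deny 207.46.236.0/24
ip prefix-list LinkIn seq 10 deny 10.0.0.0/8
ip prefix-list LinkIn seq 15 deny 172.16.0.0/12
ip prefix-list LinkIn seq 20 deny 192.168.0.0/16
ip prefix-list LinkIn seq 25 deny 127.0.0.0/8
ip prefix-list LinkIn seq 30 permit 0.0.0.0/0
""".splitlines()
LINK_OUT = """\
ip prefix-list LinkOut seq 5 permit 207.46.236.0/24
ip prefix-list LinkOut seq 10 deny 192.168.0.0/16
ip prefix-list LinkOut seq 15 deny 127.0.0.0/8
ip prefix-list LinkOut seq 20 deny 172.16.0.0/12
ip prefix-list LinkOut seq 25 deny 10.0.0.0/8
ip prefix-list LinkOut seq 30 deny 0.0.0.0/0
""".splitlines()
# Constructed variant (not in the post): every LinkIn entry extended with "le 32".
LINK_IN_LE = [line + " le 32" for line in LINK_IN]

def parse(lines):
    """Return (seq, action, network, ge, le) tuples ordered by sequence number."""
    entries = []
    for line in lines:
        tok = line.split()
        i = tok.index("seq")
        opts = dict(zip(tok[i + 4::2], map(int, tok[i + 5::2])))
        entries.append((int(tok[i + 1]), tok[i + 2], ipaddress.ip_network(tok[i + 3]),
                        opts.get("ge"), opts.get("le")))
    return sorted(entries, key=lambda e: e[0])

def evaluate(lines, route):
    """First matching entry decides; no match at all falls through to the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, ge, le in parse(lines):
        if not route.subnet_of(net):
            continue
        # Without ge/le the prefix length must be identical to the entry's.
        lo = net.prefixlen if ge is None else ge
        hi = (net.prefixlen if ge is None else 32) if le is None else le
        if lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None  # implicit deny

if __name__ == "__main__":
    for r in ("0.0.0.0/0", "8.8.8.0/24", "10.1.0.0/16"):
        print(r, evaluate(LINK_IN, r), evaluate(LINK_IN_LE, r))
```

Under these assumptions LinkIn as posted accepts only the default route itself, and its deny entries catch only the exact aggregates, not more-specific routes inside them.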