[f-nsp] Foundry BGP configuration
Daniel Faubel
daniel at net2ez.com
Tue Nov 25 10:10:27 EST 2008
BGP on Foundry is very similar to Cisco. Here is an example of one of our BGP sessions.
neighbor 111.222.333.444 remote-as 1234
neighbor 111.222.333.444 password 1 ....
neighbor 111.222.333.444 soft-reconfiguration inbound
neighbor 111.222.333.444 prefix-list Bogon in
neighbor 111.222.333.444 route-map in Transit:Provider:In
neighbor 111.222.333.444 route-map out Transit:Provider:Out
Some things I noticed you may want to change/add:
1) Add soft-reconfiguration inbound
2) On your deny prefix-list lines add "le 32"
ip prefix-list LinkOut seq 10 deny 192.168.0.0/16 le 32
3) You may want to keep your ve number the same as the vlan number. It makes things easy to find later.
-Daniel
________________________________
From: foundry-nsp-bounces at puck.nether.net on behalf of Chris Cameron
Sent: Mon 11/24/2008 4:35 PM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Foundry BGP configuration
I'm hoping someone will be kind enough to review my Foundry
configuration, and tell me if I've missed anything obvious before I
try to deploy this on a live network.
Currently we're using a Cisco 3845 for BGP to a single provider. We're
migrating to a Foundry RX4, so this configuration is just my attempt
at a 1-for-1 configuration.
My areas of concern are:
- The prefix-list and how it is matched (default deny? Matches then stops?)
- The IP/virtual interface given to vlan100 in order to have an IP
usable for the 1/13 to 1/16 trunk. This is quite different than what
was done with the Cisco.
- Any defaults the Cisco may have relied on that the Foundry isn't
configured to match
Below is the sanitized configuration. I appreciate any help.
Chris
Current configuration:
!
ver V2.4.0eT143
module 1 rx-bi-1g-24-port-fiber
module 2 rx-bi-1g-24-port-fiber
!
trunk ethe 1/13 to 1/16
!
spanning-tree
!
vlan 100
untagged ethe 1/13 to 1/16
router-interface ve 1
!
vlan 1 name DEFAULT-VLAN
!
!
!
aaa authentication login default radius local
radius-server host 192.168.10.100 auth-port 1645 acct-port 1646 authentication-only key 1 ...
radius-server host 192.168.10.101 auth-port 1645 acct-port 1646 authentication-only key 1 ...
clock timezone gmt GMT-07
sntp server 192.168.11.20
enable super-user-password .....
logging host 192.168.12.50
no telnet server
username root password .....
no web-management
!
ip prefix-list LinkOut description "Link outbound advertisements"
ip prefix-list LinkOut seq 5 permit 207.46.236.0/24
ip prefix-list LinkOut seq 10 deny 192.168.0.0/16
ip prefix-list LinkOut seq 15 deny 127.0.0.0/8
ip prefix-list LinkOut seq 20 deny 172.16.0.0/12
ip prefix-list LinkOut seq 25 deny 10.0.0.0/8
ip prefix-list LinkOut seq 30 deny 0.0.0.0/0
!
ip prefix-list LinkIn description "Link inbound routes"
ip prefix-list LinkIn seq 5 deny 207.46.236.0/24
ip prefix-list LinkIn seq 10 deny 10.0.0.0/8
ip prefix-list LinkIn seq 15 deny 172.16.0.0/12
ip prefix-list LinkIn seq 20 deny 192.168.0.0/16
ip prefix-list LinkIn seq 25 deny 127.0.0.0/8
ip prefix-list LinkIn seq 30 permit 0.0.0.0/0
ip route 192.168.0.0/16 192.168.1.1
!
interface management 1
ip address 192.168.1.25/24
!
interface ethernet 1/1
port-name External Link
ip address 207.46.10.20/29
!
interface ve 1
ip address 207.46.236.1/27
!
!
!
router bgp
local-as 8071
neighbor 207.46.10.9 remote-as 8075
neighbor 207.46.10.9 shutdown
neighbor 207.46.10.9 password 1 ...
address-family ipv4 unicast
network 207.46.236.0/24
neighbor 207.46.10.9 prefix-list LinkIn in
neighbor 207.46.10.9 prefix-list LinkOut out
exit-address-family
address-family ipv4 multicast
exit-address-family
address-family ipv6 unicast
exit-address-family
address-family ipv6 multicast
exit-address-family
!
!
!
!
---- BEGIN SSH2 PUBLIC KEY ----
Comment: RomSecureShell DSA Public key
SSH key here ...
---- END SSH2 PUBLIC KEY ----
!
!
end
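
Added example (not part of either message and not Foundry code): a small Python model of how the LinkIn list above is evaluated, covering the question about match order and default deny and the "le 32" suggestion in the reply. It assumes Cisco-style prefix-list rules: the lowest seq that matches wins, the list ends in an implicit deny, and an entry without ge/le matches only that exact prefix length. The two "le 32" variants and the test routes are constructed for illustration.

```python
import ipaddress

# LinkIn exactly as posted in the configuration above.
AS_POSTED = """\
ip prefix-list LinkIn description "Link inbound routes"
ip prefix-list LinkIn seq 5 deny 207.46.236.0/24
ip prefix-list LinkIn seq 10 deny 10.0.0.0/8
ip prefix-list LinkIn seq 15 deny 172.16.0.0/12
ip prefix-list LinkIn seq 20 deny 192.168.0.0/16
ip prefix-list LinkIn seq 25 deny 127.0.0.0/8
ip prefix-list LinkIn seq 30 permit 0.0.0.0/0
"""
# Constructed variants: "le 32" on the permit only, then on every entry.
PERMIT_LE32 = AS_POSTED.replace("permit 0.0.0.0/0", "permit 0.0.0.0/0 le 32")
ALL_LE32 = "\n".join(l + " le 32" if " seq " in l else l
                     for l in AS_POSTED.splitlines())

def parse(text):
    """Return (seq, action, network, min_len, max_len) tuples in seq order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[3] != "seq":
            continue  # description or blank line
        net = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        lo = opts.get("ge", net.prefixlen)
        # Assumed semantics: no ge/le = exact length; ge alone = up to /32.
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        entries.append((int(tok[4]), tok[5], net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(text, route):
    """First matching entry wins; falling off the end is an implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in parse(text):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

if __name__ == "__main__":
    # Constructed test routes: default, a more-specific RFC 1918 route,
    # a more-specific of the local block, and a documentation prefix.
    for route in ("0.0.0.0/0", "10.1.0.0/16", "207.46.236.128/25", "198.51.100.0/24"):
        print(route, *(evaluate(t, route) for t in (AS_POSTED, PERMIT_LE32, ALL_LE32)))
```

Under these assumptions the list as posted accepts only a default route, and adding "le 32" to the permit alone would let 10.1.0.0/16 through, which is what "le 32" on the deny lines prevents.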