<HTML dir=ltr><HEAD><TITLE>[f-nsp] Foundry BGP configuration</TITLE>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6001.18148" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText50985 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>BGP on Foundry is very similar to Cisco. Here is an example of one of our bgp sessions. </FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2> neighbor 111.222.333.444 remote-as 1234<BR> neighbor 111.222.333.444 password 1 ....</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2> neighbor 111.222.333.444 soft-reconfiguration inbound<BR> neighbor 111.222.333.444 prefix-list Bogon in<BR> neighbor 111.222.333.444 route-map in Transit:Provider:In<BR> neighbor 111.222.333.444 route-map out Transit:Provider:Out</FONT></DIV><FONT face=Arial color=#000000 size=2></FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Some things I noticed you may want to change/add:</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>1) Add soft-reconfiguration inbound<BR>2) On your deny prefix-list lines add "le 32"</DIV>
<DIV dir=ltr> ip prefix-list LinkOut seq 10 deny 192.168.0.0/16 le 32</DIV>
<DIV dir=ltr>3) You may want to keep your ve number the same as the vlan number. It makes things easy to find later.<BR></FONT></DIV></DIV>
<DIV id=idSignature39049 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2>-Daniel</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> foundry-nsp-bounces@puck.nether.net on behalf of Chris Cameron<BR><B>Sent:</B> Mon 11/24/2008 4:35 PM<BR><B>To:</B> foundry-nsp@puck.nether.net<BR><B>Subject:</B> [f-nsp] Foundry BGP configuration<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>I'm hoping someone will be kind enough to review my Foundry<BR>configuration, and tell me if I've missed anything obvious before I<BR>try to deploy this on a live network.<BR><BR>Currently we're using a Cisco 3845 for BGP to a single provider. We're<BR>migrating to a Foundry RX4, so this configuration is just my attempt<BR>at a 1-for-1 configuration.<BR><BR>My areas of concern are:<BR>- The prefix-list and how it is matched (default deny? Matches then stops?)<BR>- The IP/virtual interface given to vlan100 in order to have an IP<BR>usable for the 1/13 to 1/16 trunk. This is quite different than what<BR>was done with the Cisco.<BR>- Any defaults the Cisco may have relied on that the Foundry isn't<BR>configured to match<BR><BR>Below is the sanitized configuration. I appreciate any help.<BR><BR>Chris<BR><BR>Current configuration:<BR>!<BR>ver V2.4.0eT143<BR>module 1 rx-bi-1g-24-port-fiber<BR>module 2 rx-bi-1g-24-port-fiber<BR>!<BR>trunk ethe 1/13 to 1/16<BR>!<BR>spanning-tree<BR>!<BR>vlan 100<BR> untagged ethe 1/13 to 1/16<BR> router-interface ve 1<BR>!<BR>vlan 1 name DEFAULT-VLAN<BR>!<BR>!<BR>!<BR>aaa authentication login default radius local<BR>radius-server host 192.168.10.100 auth-port 1645 acct-port 1646<BR>authentication-only key 1 ...<BR>radius-server host 192.168.10.101 auth-port 1645 acct-port 1646<BR>authentication-only key 1 ...<BR>clock timezone gmt GMT-07<BR>sntp server 192.168.11.20<BR>enable super-user-password .....<BR>logging host 192.168.12.50<BR>no telnet server<BR>username root password .....<BR>no web-management<BR>!<BR>ip prefix-list LinkOut description "Link outbound advertisements"<BR>ip prefix-list LinkOut seq 5 permit 207.46.236.0/24<BR>ip prefix-list LinkOut seq 10 deny 192.168.0.0/16<BR>ip prefix-list LinkOut seq 15 deny 127.0.0.0/8<BR>ip prefix-list LinkOut seq 20 deny 172.16.0.0/12<BR>ip prefix-list LinkOut seq 25 deny 10.0.0.0/8<BR>ip prefix-list LinkOut seq 30 deny 0.0.0.0/0<BR>!<BR>ip prefix-list LinkIn description "Link inbound routes"<BR>ip prefix-list LinkIn seq 5 deny 207.46.236.0/24<BR>ip prefix-list LinkIn seq 10 deny 10.0.0.0/8<BR>ip prefix-list LinkIn seq 15 deny 172.16.0.0/12<BR>ip prefix-list LinkIn seq 20 deny 192.168.0.0/16<BR>ip prefix-list LinkIn seq 25 deny 127.0.0.0/8<BR>ip prefix-list LinkIn seq 30 permit 0.0.0.0/0<BR>ip route 192.168.0.0/16 192.168.1.1<BR>!<BR>interface management 1<BR> ip address 192.168.1.25/24<BR>!<BR>interface ethernet 1/1<BR> port-name External Link<BR> ip address 207.46.10.20/29<BR>!<BR>interface ve 1<BR> ip address 207.46.236.1/27<BR>!<BR>!<BR>!<BR>router bgp<BR> local-as 8071<BR> neighbor 207.46.10.9 remote-as 8075<BR> neighbor 207.46.10.9 shutdown<BR> neighbor 207.46.10.9 password 1 ...<BR><BR> address-family ipv4 unicast<BR> network 207.46.236.0/24<BR> neighbor 207.46.10.9 prefix-list LinkIn in<BR> neighbor 207.46.10.9 prefix-list LinkOut out<BR> exit-address-family<BR><BR> address-family ipv4 multicast<BR> exit-address-family<BR><BR> address-family ipv6 unicast<BR> exit-address-family<BR><BR> address-family ipv6 multicast<BR> exit-address-family<BR>!<BR>!<BR>!<BR>!<BR>---- BEGIN SSH2 PUBLIC KEY ----<BR>Comment: RomSecureShell DSA Public key<BR>SSH key here ...<BR>---- END SSH2 PUBLIC KEY ----<BR>!<BR>!<BR>end<BR>_______________________________________________<BR>foundry-nsp mailing list<BR>foundry-nsp@puck.nether.net<BR><A href="http://puck.nether.net/mailman/listinfo/foundry-nsp">http://puck.nether.net/mailman/listinfo/foundry-nsp</A><BR></FONT></P></DIV></BODY></HTML>