pimpmynetwork.org

Simple AS Howto

Introduction

This document is intended to introduce the reader to running a simple AS. This document isn't aimed at those who wish to do complicated engineering or transit other ASes across their network.

Our intention is to configure BGP on our network with our AS number 45000. We will have upstream connections to Level3 (AS3356), Onyx Internet (AS6067) and KPN (AS286). We want to announce our netblocks only to our peers, and build an optimum local routing table using the shortest-path routes from our peers.

Initially we'll assume that there is only one BGP-enabled router on our network, then we'll introduce another router and split the connectivity across both of them.

[Diagram: Simple AS Overview]

The diagram above shows how routes should be announced across the network. However, if we merely set up a BGP session to each of our peers we won't announce our netblocks, but we will announce the entire internet to each of our transit providers!

Basic Configuration

In order to announce our netblocks to our peers we need to use 'network' statements in our BGP configuration, combined with static routes to 'nail' our prefixes into the routing table. This is achieved using the following configuration:

router bgp 45000
  network 20.0.0.0 mask 255.0.0.0
  network 21.0.0.0 mask 255.0.0.0
!
ip route 20.0.0.0 255.0.0.0 null0
ip route 21.0.0.0 255.0.0.0 null0

If we now bring up our BGP sessions, we'll announce our own netblocks along with the entire internet to all of our peers!

We need to filter our outbound announcements so that we only announce our own routes to our peers. This is done by configuring our peering sessions as below:

ip prefix-list as45000 seq 10 permit 20.0.0.0/8
ip prefix-list as45000 seq 20 permit 21.0.0.0/8
ip prefix-list as45000 seq 100 deny 0.0.0.0/0 le 32

router bgp 45000
  neighbor 11.0.0.1 remote-as 6067
  neighbor 11.0.0.1 description Onyx Internet
  neighbor 11.0.0.1 prefix-list as45000 out
  neighbor 13.0.0.1 remote-as 3356
  neighbor 13.0.0.1 description Level 3
  neighbor 13.0.0.1 prefix-list as45000 out
  neighbor 12.0.0.1 remote-as 286
  neighbor 12.0.0.1 description KPN Eurorings
  neighbor 12.0.0.1 prefix-list as45000 out
!

Firstly we've created a prefix list which will permit our supernets 20.0.0.0/8 and 21.0.0.0/8 and deny everything else. We've then applied this prefix list to our outbound announcements on each peering session.

This is a very simple configuration, but is sufficient for a number of applications, such as a web farm or mail cluster hosted in a datacentre with multiple connectivity providers.

Multiple Routers

Now we'll add another router to our AS, to introduce some resilience. We'll connect this new router (gw2) to the first (gw1) (and presumably also to the rest of our network) and move the KPN connection to it.

[Diagram: Simple AS Multiple Routers]

As you can see from the diagram above, our routing tables won't be affected by introducing another router, as they'll distribute routes to each other using an iBGP session. We're assuming here that our network has a working IGP and our two BGP routers both have working loopback addresses on Loopback0.

The configuration for gw1:

router bgp 45000
  neighbor 20.0.0.2 remote-as 45000
  neighbor 20.0.0.2 description gw2
  neighbor 20.0.0.2 update-source Loopback0
!

The configuration for gw2:

router bgp 45000
  neighbor 20.0.0.1 remote-as 45000
  neighbor 20.0.0.1 description gw1
  neighbor 20.0.0.1 update-source Loopback0
!

Notice that we've not used the prefix-lists for these peering sessions. That's because we want gw1 and gw2 to send each other the entire routing tables. The update-source directive tells BGP to make the connection from its loopback address. The peer addresses we've used are the loopback addresses of the routers.

Establishing our BGP sessions to and from our routers' loopback addresses is important to keep our network stable, as the session isn't dependent on any single interface being up.

 


©2006 all rights reserved adam armstrong