In the first part we set up basic layer 3 reachability. Now it is time to set up the BGP peering. First, let's begin with the IX clients. CL-2 has an additional loopback (lo2) configured; the associated subnet is 100.64.200.0/24, which should be tagged with the NO_ADVERTISE community. Apart from setting communities, the clients will not apply any filtering in the IX direction (they will filter on direct peer links, like CL-1 <-> CL-3). This will follow in part 3.
CL-1
!
router bgp 10
   neighbor 100.64.1.1 remote-as 1000
   neighbor 100.64.1.1 send-community standard large
   neighbor 100.64.254.2 remote-as 30
   redistribute connected
   !
   address-family ipv4
      neighbor 100.64.1.1 activate
      neighbor 100.64.254.2 activate
!
CL-2
!
ip prefix-list PL_NO_ADV seq 1 permit 100.64.200.0/24 eq 24
!
route-map RM_IXP_OUT permit 10
   match ip address prefix-list PL_NO_ADV
   set community no-advertise
!
route-map RM_IXP_OUT permit 20
!
router bgp 20
   neighbor 100.64.1.1 remote-as 1000
   neighbor 100.64.1.1 route-map RM_IXP_OUT out
   neighbor 100.64.1.1 send-community standard large
   redistribute connected
   !
   address-family ipv4
      neighbor 100.64.1.1 activate
!
CL-3
!
router bgp 30
   neighbor 100.64.1.1 remote-as 1000
   neighbor 100.64.1.1 send-community standard large
   neighbor 100.64.254.1 remote-as 10
   redistribute connected
   !
   address-family ipv4
      neighbor 100.64.1.1 activate
      neighbor 100.64.254.1 activate
!
Configuring the IXP Route Server
The route server will deny routes to the management network (172.20.20.0/24) and routes tagged with the well-known communities NO_ADVERTISE and NO_EXPORT. In part 3 we will try to set up action communities like DE-CIX.
!
ip community-list CL_WELL_KNOWN permit no-advertise
ip community-list CL_WELL_KNOWN permit no-export
!
ip prefix-list PL_MGMT
   seq 1 permit 172.20.20.0/24 eq 24
!
route-map MANAGEMENT deny 10
   match ip address prefix-list PL_MGMT
!
! CL_WELL_KNOWN is a standard ip community-list, so it is matched with "match community"
route-map RM_COMMUNITY_FILTER deny 10
   match community CL_WELL_KNOWN
!
route-map RM_RS_PEER_GRP_1 deny 10
   sub-route-map MANAGEMENT
!
route-map RM_RS_PEER_GRP_1 deny 11
   sub-route-map RM_COMMUNITY_FILTER
!
route-map RM_RS_PEER_GRP_1 permit 20
!
router bgp 1000
   router-id 100.64.1.1
   bgp route-reflector preserve-attributes
   neighbor RS_PEER_GROUP_1 peer group
   neighbor RS_PEER_GROUP_1 route-reflector-client
   neighbor RS_PEER_GROUP_1 route-reflector cluster-id 100.64.1.1
   neighbor RS_PEER_GROUP_1 route-map RM_RS_PEER_GRP_1 in
   neighbor RS_PEER_GROUP_1 route-map RM_RS_PEER_GRP_1 out
   neighbor RS_PEER_GROUP_1 send-community standard large
   neighbor 100.64.1.11 peer group RS_PEER_GROUP_1
   neighbor 100.64.1.11 remote-as 10
   neighbor 100.64.1.21 peer group RS_PEER_GROUP_1
   neighbor 100.64.1.21 remote-as 20
   neighbor 100.64.1.31 peer group RS_PEER_GROUP_1
   neighbor 100.64.1.31 remote-as 30
   !
   address-family ipv4
      neighbor RS_PEER_GROUP_1 activate
!
The current BGP table on the IX looks like this:
ix-rs-1(config-router-bgp)#sh ip bgp
BGP routing table information for VRF default
Router identifier 100.64.1.1, local AS number 1000
Route status codes: s - suppressed contributor, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI Origin Validation codes: V - valid, I - invalid, U - unknown
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric AIGP LocPref Weight Path
* > 100.64.1.0/24 100.64.1.11 0 - 100 0 10 i
* 100.64.1.0/24 100.64.1.21 0 - 100 0 20 i
* 100.64.1.0/24 100.64.1.31 0 - 100 0 30 i
* > 100.64.10.0/24 100.64.1.11 0 - 100 0 10 i
* 100.64.10.0/24 100.64.1.31 0 - 100 0 30 10 i
* > 100.64.20.0/24 100.64.1.21 0 - 100 0 20 i
* > 100.64.30.0/24 100.64.1.31 0 - 100 0 30 i
* 100.64.30.0/24 100.64.1.11 0 - 100 0 10 30 i
* > 100.64.200.0/24 100.64.1.21 0 - 100 0 20 i
* > 100.64.254.0/30 100.64.1.11 0 - 100 0 10 i
* 100.64.254.0/30 100.64.1.31 0 - 100 0 30 i
* > 172.20.20.0/24 100.64.1.11 0 - 100 0 10 i
* 172.20.20.0/24 100.64.1.21 0 - 100 0 20 i
* 172.20.20.0/24 100.64.1.31 0 - 100 0 30 i
ix-rs-1(config-router-bgp)#sh ip route bgp
VRF: default
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - Other BGP Routes,
B I - iBGP, B E - eBGP, R - RIP, I L1 - IS-IS level 1,
I L2 - IS-IS level 2, O3 - OSPFv3, A B - BGP Aggregate,
A O - OSPF Summary, NG - Nexthop Group Static Route,
V - VXLAN Control Service, M - Martian,
DH - DHCP client installed default route,
DP - Dynamic Policy Route, L - VRF Leaked,
G - gRIBI, RC - Route Cache Route
B E 100.64.10.0/24 [200/0] via 100.64.1.11, Vlan10
B E 100.64.20.0/24 [200/0] via 100.64.1.21, Vlan10
B E 100.64.30.0/24 [200/0] via 100.64.1.31, Vlan10
B E 100.64.200.0/24 [200/0] via 100.64.1.21, Vlan10
B E 100.64.254.0/30 [200/0] via 100.64.1.11, Vlan10
ix-rs-1(config-router-bgp)#
Also check if NO_ADVERTISE is set for 100.64.200.0/24:
ix-rs-1(config-router-bgp)#sh ip bgp community no-advertise
BGP routing table information for VRF default
Router identifier 100.64.1.1, local AS number 1000
Route status codes: s - suppressed contributor, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI Origin Validation codes: V - valid, I - invalid, U - unknown
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric AIGP LocPref Weight Path
* > 100.64.200.0/24 100.64.1.21 0 - 100 0 20 i
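A policy check over the two outputs above, as an added example that is not part of the original post: it parses "show ip bgp" rows and lists routes the route server holds although the stated policy denies them (the management prefix, using the "eq 24" prefix-list semantics, and anything returned by the "community no-advertise" query). The function names are assumptions of this example, and the embedded sample rows are copied from the outputs on this page with the headers omitted.

```python
import ipaddress
import re

# One route row of EOS "show ip bgp":
# status, prefix, next hop, metric, AIGP, locpref, weight, AS path, origin code
ROW = re.compile(r"^\*\s*(>)?\s*(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)"
                 r"\s+\S+\s+\S+\s+\S+\s+\S+\s+([\d ]*?)\s*[ie?]$")

def parse_bgp_table(text):
    """Return (prefix, next_hop, as_path, active) for every route row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and legend lines do not match and are skipped
            rows.append((ipaddress.ip_network(m.group(2)), m.group(3),
                         m.group(4).split(), m.group(1) == ">"))
    return rows

def prefix_list_eq(entry, length, net):
    """'permit <entry> eq <length>': inside entry AND exactly that mask length."""
    return net.prefixlen == length and net.subnet_of(ipaddress.ip_network(entry))

def audit(full_table, no_advertise_table):
    """List routes present on the route server that the stated policy denies."""
    findings = []
    for net, next_hop, _path, _active in parse_bgp_table(full_table):
        if prefix_list_eq("172.20.20.0/24", 24, net):  # PL_MGMT
            findings.append(("management-prefix", str(net), next_hop))
    # Every row of "show ip bgp community no-advertise" carries NO_ADVERTISE.
    for net, next_hop, _path, _active in parse_bgp_table(no_advertise_table):
        findings.append(("no-advertise", str(net), next_hop))
    return findings

# Sample rows copied from the outputs on this page (headers omitted).
FULL = """\
* > 100.64.10.0/24 100.64.1.11 0 - 100 0 10 i
* 100.64.10.0/24 100.64.1.31 0 - 100 0 30 10 i
* > 100.64.200.0/24 100.64.1.21 0 - 100 0 20 i
* > 172.20.20.0/24 100.64.1.11 0 - 100 0 10 i
* 172.20.20.0/24 100.64.1.21 0 - 100 0 20 i
* 172.20.20.0/24 100.64.1.31 0 - 100 0 30 i
"""
NO_ADV = "* > 100.64.200.0/24 100.64.1.21 0 - 100 0 20 i\n"

if __name__ == "__main__":
    for kind, prefix, next_hop in audit(FULL, NO_ADV):
        print(f"{kind}: {prefix} learned from {next_hop}")
```

Against the rows on this page it returns four findings: the three 172.20.20.0/24 paths and the NO_ADVERTISE-tagged 100.64.200.0/24. An empty result is what a working inbound policy on the route server would produce.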
Part 3 will focus more on route manipulation and filtering.