Friday, September 20 2024

IP prefix list to filter routes

How to filter advertised and received routes on a Huawei router?

Let’s try to check it based on the following topology:

 

  1. Configure basic OSPF functions on all routers.
  2. Configure static routes on AR1 router and import them to OSPF.
  3. Use filter-policy for advertised routes on AR1.
  4. Use filter-policy for received routes on AR3.

OSPF configuration (AR2 as an example):

[AR2]dis cur config ospf
#
ospf 1 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 150.0.1.0 0.0.0.3 
  network 150.0.1.4 0.0.0.3 
  network 150.0.1.8 0.0.0.3

Configure static routes on AR1:

[AR1]ip route-static 172.16.10.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.20.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.30.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.40.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.50.0 255.255.255.0 NULL0

Import these routes to OSPF:

[AR1]ospf
[AR1-ospf-1]import-route static

Check IP routing tables of AR2, AR3 and AR4 routers:

[AR2]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 22       Routes : 22       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   1           D   150.0.1.1       GigabitEthernet0/0/0
        2.2.2.2/32  Direct  0    0           D   127.0.0.1       LoopBack0
        3.3.3.3/32  OSPF    10   1           D   150.0.1.6       GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   1           D   150.0.1.10      GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  Direct  0    0           D   150.0.1.2       GigabitEthernet0/0/0
      150.0.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.4/30  Direct  0    0           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  Direct  0    0           D   150.0.1.9       GigabitEthernet2/0/0
      150.0.1.9/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR3]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
        2.2.2.2/32  OSPF    10   1           D   150.0.1.5       GigabitEthernet0/0/1
        3.3.3.3/32  Direct  0    0           D   127.0.0.1       LoopBack0
        4.4.4.4/32  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.4/30  Direct  0    0           D   150.0.1.6       GigabitEthernet0/0/1
      150.0.1.6/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR4]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        2.2.2.2/32  OSPF    10   1           D   150.0.1.9       GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        4.4.4.4/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.4/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.8/30  Direct  0    0           D   150.0.1.10      GigabitEthernet0/0/0
     150.0.1.10/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

As you can see, all static routes imported to OSPF are available as O_ASE.

Now we can filter routes advertised by AR1 router. Only three routes will be advertised: 172.16.10.0/24, 172.16.20.0/24 and 172.16.30.0/24.

Create IP prefix list named AR1toAR2 and permit these 3 routes:

[AR1]ip ip-prefix AR1toAR2 index 10 permit 172.16.10.0 24
[AR1]ip ip-prefix AR1toAR2 index 20 permit 172.16.20.0 24
[AR1]ip ip-prefix AR1toAR2 index 30 permit 172.16.30.0 24

Apply filter-policy to OSPF:

[AR1]ospf
[AR1-ospf-1]filter-policy ip-prefix AR1toAR2 export

Check IP routing table, for instance AR2:

[AR2]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 20       Routes : 20       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   1           D   150.0.1.1       GigabitEthernet0/0/0
        2.2.2.2/32  Direct  0    0           D   127.0.0.1       LoopBack0
        3.3.3.3/32  OSPF    10   1           D   150.0.1.6       GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   1           D   150.0.1.10      GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  Direct  0    0           D   150.0.1.2       GigabitEthernet0/0/0
      150.0.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.4/30  Direct  0    0           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  Direct  0    0           D   150.0.1.9       GigabitEthernet2/0/0
      150.0.1.9/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

From the output you can see that only three routes are advertised by AR1.

Now configure filter-policy for routes received by AR3.

Create IP prefix list on AR3 that permits only 172.16.10.0/24 route:

[AR3]ip ip-prefix AR2toAR3 index 10 permit 172.16.10.0 24

Apply filter-policy to OSPF as import:

[AR3]ospf
[AR3-ospf-1]filter-policy ip-prefix AR2toAR3 import

Check routing table of AR3 router:

[AR3]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        3.3.3.3/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.4/30  Direct  0    0           D   150.0.1.6       GigabitEthernet0/0/1
      150.0.1.6/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

Check IP routing table of AR4 router:

[AR4]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 16       Routes : 16       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        2.2.2.2/32  OSPF    10   1           D   150.0.1.9       GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        4.4.4.4/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.4/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.8/30  Direct  0    0           D   150.0.1.10      GigabitEthernet0/0/0
     150.0.1.10/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

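As you can see, only one route is received by AR3, so the filter-policy works correctly. Note that the other OSPF routes (router loopbacks and link subnets) have also disappeared from AR3's routing table: the prefix list permits only 172.16.10.0/24, and a route that matches no entry is denied. AR4 still receives all three routes.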
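Added example (not from the original post): a small Python model of how an ip-prefix list is evaluated, run against the routes shown in the outputs above. It models only the permit/deny decision, not OSPF; the list name AR3_ALT and its three lines are hypothetical, constructed to show a list that drops two routes without the implicit deny removing everything else.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# One "ip ip-prefix" line; greater-equal / less-equal are optional.
LINE = re.compile(
    r"ip ip-prefix (?P<name>\S+) index (?P<index>\d+) (?P<action>permit|deny) "
    r"(?P<addr>\d+\.\d+\.\d+\.\d+) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?"
)

@dataclass(frozen=True)
class Entry:
    index: int
    permit: bool
    network: ipaddress.IPv4Network
    low: int    # shortest route mask length the entry accepts
    high: int   # longest route mask length the entry accepts

def parse_prefix_list(config: str, name: str) -> List[Entry]:
    entries = []
    for m in LINE.finditer(config):
        if m["name"] != name:
            continue
        length = int(m["len"])
        if m["ge"] is None and m["le"] is None:
            low = high = length                      # exact mask length only
        else:
            low = int(m["ge"]) if m["ge"] else length
            high = int(m["le"]) if m["le"] else 32
        net = ipaddress.ip_network(f"{m['addr']}/{length}", strict=False)
        entries.append(Entry(int(m["index"]), m["action"] == "permit", net, low, high))
    return sorted(entries, key=lambda e: e.index)    # evaluated in index order

def permitted(route: str, entries: List[Entry]) -> bool:
    r = ipaddress.ip_network(route)
    for e in entries:
        if e.low <= r.prefixlen <= e.high and r.subnet_of(e.network):
            return e.permit                          # first match wins
    return False                                     # no entry matched: denied

def apply_filter(routes: List[str], entries: List[Entry]) -> List[str]:
    return [r for r in routes if permitted(r, entries)]

# Prefix lists from the post, plus the hypothetical AR3_ALT (constructed).
CONFIG = """
[AR1]ip ip-prefix AR1toAR2 index 10 permit 172.16.10.0 24
[AR1]ip ip-prefix AR1toAR2 index 20 permit 172.16.20.0 24
[AR1]ip ip-prefix AR1toAR2 index 30 permit 172.16.30.0 24
[AR3]ip ip-prefix AR2toAR3 index 10 permit 172.16.10.0 24
[AR3]ip ip-prefix AR3_ALT index 10 deny 172.16.20.0 24
[AR3]ip ip-prefix AR3_ALT index 20 deny 172.16.30.0 24
[AR3]ip ip-prefix AR3_ALT index 30 permit 0.0.0.0 0 less-equal 32
"""

# Static routes imported on AR1 (from the post).
AR1_STATIC = ["172.16.10.0/24", "172.16.20.0/24", "172.16.30.0/24",
              "172.16.40.0/24", "172.16.50.0/24"]

# OSPF routes in AR3's table before the import filter (from the post's
# first AR3 output, minus the two prefixes AR1 no longer advertises).
AR3_OSPF = ["1.1.1.1/32", "2.2.2.2/32", "4.4.4.4/32", "150.0.1.0/30",
            "150.0.1.8/30", "172.16.10.0/24", "172.16.20.0/24", "172.16.30.0/24"]

if __name__ == "__main__":
    for name, routes in (("AR1toAR2", AR1_STATIC),
                         ("AR2toAR3", AR3_OSPF),
                         ("AR3_ALT", AR3_OSPF)):
        kept = apply_filter(routes, parse_prefix_list(CONFIG, name))
        print(f"{name}: {kept}")
```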


Huawei eNSP – news

A new version of the Huawei simulator eNSP has been released. One of the new features is AR CPU reduction. In addition, reboot functionality for the AR router has been provided, and a few features have been modified. You can find all the details in the release notes for this version.

Download, test and enjoy!


how to find “TTL exceeded” packets

Let’s imagine you are an IP engineer and you suddenly notice an increasing number of “TTL exceeded” packets on your router. Your first thought is “what the hell is it? How do I find the source of these packets?”

Take it easy. Here is how to investigate such an issue on a Huawei router.

[labnario]display ip statistics
  Input:     sum               2783201      local               2321967
             bad protocol            0      bad format                0
             bad checksum            0      bad options               0
             discard srr             0      TTL exceeded         494196
  Output:    forwarding              0      local                886008
             dropped                 0      no route                  0
  Fragment:  input                   0      output                    0
             dropped                 0
             fragmented              0      couldn't fragment         0
  Reassembling:sum                   0      timeouts                  0

As you can see, there are “TTL exceeded” packets. The “display ip statistics” command shows packets that are directed to the CPU. Don’t confuse them with packets counted on an interface: for example, an interface may show no dropped packets while “display ip statistics” does.

What does “TTL exceeded” mean?

It means the router receives packets with TTL=1.

What happens if it receives such packets?

It sends timeout-icmp packets.

We can check it using the following command:

[labnario]display icmp statistics
  Input: bad formats            0      bad checksum                     0
         echo                3108      destination unreachable        294
         source quench          0      redirects                        0
         echo reply             0      parameter problem                0
         timestamp              0      information request              0
         mask requests          0      mask replies                     0
         time exceeded          0
         Mping request          0      Mping reply                      0
  Output:echo                   0      destination unreachable          0
         source quench          0      redirects                        0
         echo reply          3108      parameter problem                0
         timestamp              0      information reply                0
         mask requests          0      mask replies                     0
         time exceeded     494196
         Mping request          0      Mping reply                      0

When you compare both outputs, you will see that “TTL exceeded” = “time exceeded”.

Now, how do we find the source of these packets? ICMP debugging output shows it:

Feb 14 2012 09:08:08.250.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, First 8 bytes = B5E400A1 002C9D0D

As you can see debugging ICMP packets is helpful in this case.
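Added example (not from the original post): a Python parser for debug_icmp lines in the format shown above. It extracts the original sender from the embedded IP header, decodes the first 8 bytes as a UDP or TCP header, and counts the top talkers. The first sample line is the one from the post; the other lines are constructed for illustration.

```python
import re
import struct
from collections import Counter

# Matches the "ICMP Send" debug line format shown in the post.
DEBUG_ICMP = re.compile(
    r"ICMP Send: (?P<kind>[\w-]+)\(Type=(?P<type>\d+), Code=(?P<code>\d+)\), "
    r"Src = (?P<icmp_src>[\d.]+), Dst = (?P<icmp_dst>[\d.]+); "
    r"Original IP header: Pro = (?P<proto>\d+), Src = (?P<orig_src>[\d.]+), "
    r"Dst = (?P<orig_dst>[\d.]+), "
    r"First 8 bytes = (?P<l4>[0-9A-Fa-f]{8} [0-9A-Fa-f]{8})"
)

def decode_l4(proto, first8):
    """Decode the first 8 bytes of the offending packet's payload."""
    if proto == 17:   # UDP: source port, destination port, length, checksum
        sport, dport, length, _csum = struct.unpack("!HHHH", first8)
        return {"l4": "udp", "sport": sport, "dport": dport, "length": length}
    if proto == 6:    # TCP: source port, destination port, sequence number
        sport, dport, seq = struct.unpack("!HHI", first8)
        return {"l4": "tcp", "sport": sport, "dport": dport, "seq": seq}
    return {"l4": f"proto-{proto}", "sport": None, "dport": None}

def parse_line(line):
    """Return a record for a time-exceeded (Type=11) line, else None."""
    m = DEBUG_ICMP.search(line)
    if m is None or int(m["type"]) != 11:
        return None
    proto = int(m["proto"])
    rec = {"orig_src": m["orig_src"], "orig_dst": m["orig_dst"], "proto": proto}
    rec.update(decode_l4(proto, bytes.fromhex(m["l4"].replace(" ", ""))))
    return rec

def top_sources(lines):
    """Count (original source, original destination, L4, dest port) tuples."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["orig_src"], rec["orig_dst"], rec["l4"], rec["dport"])] += 1
    return counts.most_common()

SAMPLE_LOG = [
    # Line from the post:
    "Feb 14 2012 09:08:08.250.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; "
    "Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, "
    "First 8 bytes = B5E400A1 002C9D0D",
    # Constructed lines below (not from the post):
    "Feb 14 2012 09:08:08.410.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; "
    "Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, "
    "First 8 bytes = B5E500A1 002C9D0C",
    "Feb 14 2012 09:08:08.570.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; "
    "Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, "
    "First 8 bytes = B5E600A1 002C9D0B",
    "Feb 14 2012 09:08:09.020.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 192.0.2.10; "
    "Original IP header: Pro = 6, Src = 192.0.2.10, Dst = 198.51.100.7, "
    "First 8 bytes = C0010050 00000001",
    "Feb 14 2012 09:08:09.100.1 labnario (constructed unrelated log line)",
]

if __name__ == "__main__":
    for key, count in top_sources(SAMPLE_LOG):
        print(count, key)
```

For the line from the post, the decoded payload is a UDP datagram from port 46564 to port 161 (SNMP), which points at what the host 172.16.20.88 is trying to reach.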


Link Flapping Protection on Huawei switches

I have come across the link flapping protection feature recently. It is available on S5700 switches. It looks like it is a new feature on Huawei switches. I had not met it in older hardware versions. That’s why I decided to write a few words about it. Unfortunately, although this command is available in the Huawei network simulator eNSP, it does not work properly. But maybe you will have the possibility to check it on your real devices.

Port flapping (port going UP and DOWN continually) can be caused by a faulty cable, link failure, active/standby switchover, port hardware failure, etc. Frequent status changes on an interface can lead to:

  • STP topology recalculation and changes,
  • ARP entries updates,
  • dynamic routing instability and convergence problems.

All these issues can negatively affect switch performance and should be avoided.

Link Flapping Protection is a feature that can be enabled on an interface to solve problems caused by a flapping port or link. It tracks how many times the interface flaps within the link flapping detection interval. If the number of flaps reaches the limit within that period, the interface is shut down.

How to configure Link Flapping Protection? Please see below:

<labnarioSW1>sys
Enter system view, return user view with Ctrl+Z.
[labnarioSW1]int e0/0/1
[labnarioSW1-Ethernet0/0/1]port link-flap protection enable

By default this functionality is disabled on the interface. When enabled, the default link flapping interval is 10 seconds and the default number of flapping events is 5. Both can be changed with the following commands:

[labnarioSW1-Ethernet0/0/1]port link-flap threshold 6
[labnarioSW1-Ethernet0/0/1]port link-flap interval 18

To bring the interface back to the UP state, either run undo shutdown on the interface manually or use the automatic error-down auto-recovery feature, described a few weeks ago.


BGP LocPref once again

Let’s keep going and try to configure BGP local preference attribute using route-policy.

We can take full advantage of the topology and configuration from the last post: “BGP default local preference in Huawei CLI”.

 

  1. Assure full connectivity based on the attached topology (look at the previous article).
  2. Configure Loopback 10 and Loopback 20 on router AR4.
  3. Import all Loopback interfaces of router AR4 to BGP.

After we configure locpref attributes:

  • Traffic directed to network 111.111.111.111/32 is leaving AS100 through AR2 router.
  • Traffic directed to network 222.222.222.222/32 is leaving AS100 through AR3 router.
  • Keep local preference 100 for all other traffic.

Let’s come to the point.

Configure Loopback interfaces on AR4 router:

[AR4]dis current-configuration interface loopback
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#
interface LoopBack10
 ip address 111.111.111.111 255.255.255.255 
#
interface LoopBack20
 ip address 222.222.222.222 255.255.255.255 
#

Import configured networks into BGP:

[AR4]bgp 200
[AR4-bgp]import-route direct

Check IP and BGP routing tables of AR1 router:

[AR1]dis ip rout
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 20       Routes : 21       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
        2.2.2.2/32  OSPF    10   1           D   10.1.1.2        GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   1           D   10.1.2.2        GigabitEthernet0/0/1
        4.4.4.4/32  IBGP    255  0          RD   150.1.1.2       GigabitEthernet0/0/0
       10.1.1.0/30  Direct  0    0           D   10.1.1.1        GigabitEthernet0/0/0
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       10.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       10.1.2.0/30  Direct  0    0           D   10.1.2.1        GigabitEthernet0/0/1
       10.1.2.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       10.1.2.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       10.1.3.0/30  OSPF    10   2           D   10.1.2.2        GigabitEthernet0/0/1
                    OSPF    10   2           D   10.1.1.2        GigabitEthernet0/0/0
100.100.100.100/32  Direct  0    0           D   127.0.0.1       LoopBack100
111.111.111.111/32  IBGP    255  0          RD   150.1.1.2       GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.1.1.0/30  OSPF    10   2           D   10.1.1.2        GigabitEthernet0/0/0
      150.2.2.0/30  OSPF    10   2           D   10.1.2.2        GigabitEthernet0/0/1
222.222.222.222/32  IBGP    255  0          RD   150.1.1.2       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR1]dis bgp routing-table 

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 9
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  4.4.4.4/32         150.1.1.2       0          100        0      200?
 * i                     150.2.2.2       0          100        0      200?
 *>   100.100.100.100/32 0.0.0.0         0                     0      i
 *>i  111.111.111.111/32 150.1.1.2       0          100        0      200?
 * i                     150.2.2.2       0          100        0      200?
 *>i  150.1.1.0/30       2.2.2.2         0          100        0      i
 *>i  150.2.2.0/30       3.3.3.3         0          100        0      i
 *>i  222.222.222.222/32 150.1.1.2       0          100        0      200?
 * i                     150.2.2.2       0          100        0      200?

As you can see all traffic is leaving AS100 through AR2 router.

Configure 3 ACLs on AR2 and AR3 routers:

  • The first one permits source IP of Loopback 10 of router AR4.
  • The second one permits source IP of Loopback 20 of router AR4.
  • The third one permits all other networks.

[AR2]acl number 2000  
[AR2-acl-basic-2000] rule 5 permit source 111.111.111.111 0 
[AR2]acl number 2500  
[AR2-acl-basic-2500] rule 5 permit source 222.222.222.222 0 
[AR2]acl number 2600  
[AR2-acl-basic-2600] rule 5 permit 
[AR2-acl-basic-2600]

[AR3]acl number 2000  
[AR3-acl-basic-2000] rule 5 permit source 111.111.111.111 0 
[AR3]acl number 2500  
[AR3-acl-basic-2500] rule 5 permit source 222.222.222.222 0 
[AR3]acl number 2600  
[AR3-acl-basic-2600] rule 5 permit

Configure route-policy, named locpref, on AR2 and AR3 routers:

[AR2]route-policy locpref permit node 10 
[AR2-route-policy] if-match acl 2000 
[AR2-route-policy] apply local-preference 300 
[AR2-route-policy]qu
[AR2]route-policy locpref permit node 20 
[AR2-route-policy] if-match acl 2500 
[AR2-route-policy] apply local-preference 200 
[AR2-route-policy]qu
[AR2]route-policy locpref permit node 30 
[AR2-route-policy] if-match acl 2600 
[AR2-route-policy] apply local-preference 100 
[AR2-route-policy]

[AR3]route-policy locpref permit node 10 
[AR3-route-policy] if-match acl 2000 
[AR3-route-policy] apply local-preference 200
[AR3-route-policy]qu
[AR3]route-policy locpref permit node 20 
[AR3-route-policy] if-match acl 2500 
[AR3-route-policy] apply local-preference 300 
[AR3-route-policy]qu
[AR3]route-policy locpref permit node 30 
[AR3-route-policy] if-match acl 2600 
[AR3-route-policy] apply local-preference 100 
[AR3-route-policy]

Assign locpref route-policy to BGP peers on AR2 and AR3 routers:

[AR2]bgp 100
[AR2-bgp]peer 1.1.1.1 route-policy locpref export

[AR3]bgp 100
[AR3-bgp]peer 1.1.1.1 route-policy locpref export

Let’s check IP and BGP routing tables of AR1 router again:

[AR1]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 20       Routes : 21       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
        2.2.2.2/32  OSPF    10   1           D   10.1.1.2        GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   1           D   10.1.2.2        GigabitEthernet0/0/1
        4.4.4.4/32  IBGP    255  0          RD   150.1.1.2       GigabitEthernet0/0/0
       10.1.1.0/30  Direct  0    0           D   10.1.1.1        GigabitEthernet0/0/0
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       10.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       10.1.2.0/30  Direct  0    0           D   10.1.2.1        GigabitEthernet0/0/1
       10.1.2.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       10.1.2.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       10.1.3.0/30  OSPF    10   2           D   10.1.2.2        GigabitEthernet0/0/1
                    OSPF    10   2           D   10.1.1.2        GigabitEthernet0/0/0
100.100.100.100/32  Direct  0    0           D   127.0.0.1       LoopBack100
111.111.111.111/32  IBGP    255  0          RD   150.1.1.2       GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.1.1.0/30  OSPF    10   2           D   10.1.1.2        GigabitEthernet0/0/0
      150.2.2.0/30  OSPF    10   2           D   10.1.2.2        GigabitEthernet0/0/1
222.222.222.222/32  IBGP    255  0          RD   150.2.2.2       GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR1]dis bgp rout

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 9
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  4.4.4.4/32         150.1.1.2       0          100        0      200?
 * i                     150.2.2.2       0          100        0      200?
 *>   100.100.100.100/32 0.0.0.0         0                     0      i
 *>i  111.111.111.111/32 150.1.1.2       0          300        0      200?
 * i                     150.2.2.2       0          200        0      200?
 *>i  150.1.1.0/30       2.2.2.2         0          100        0      i
 *>i  150.2.2.0/30       3.3.3.3         0          100        0      i
 *>i  222.222.222.222/32 150.2.2.2       0          300        0      200?
 * i                     150.1.1.2       0          200        0      200?

Finally, we did what we wanted to do. Our route-policy is working properly: traffic directed to Loopback 10 of AR4 router goes through AR2, and traffic directed to Loopback 20 of AR4 goes through AR3. For the remaining traffic, the local preference is the same (100) on both paths, so it is not taken into account when choosing the best path.
