2 mars 2010

BGP Dampening - Part 2/3

Lab Dampening:











Configuration de R1:

hostname R1
!
interface Loopback1
ip address 172.16.1.1 255.240.0.0
!
interface Loopback2
ip address 4.3.2.1 255.255.255.0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
network 4.3.2.0 mask 255.255.255.0
network 10.0.0.0
network 172.16.0.0 mask 255.240.0.0
neighbor 192.168.1.2 remote-as 2
no auto-summary
!

Configuration de R2:

hostname R2
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.1.2 255.255.255.0
!
router bgp 2
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 1
!
address-family ipv4
no synchronization
bgp dampening route-map RM_Dampening
neighbor 192.168.1.1 activate
no auto-summary
exit-address-family
!
ip prefix-list RFC1918_Dampening seq 5 permit 10.0.0.0/8 le 32
ip prefix-list RFC1918_Dampening seq 10 permit 172.16.0.0/12 le 32
ip prefix-list RFC1918_Dampening seq 15 permit 192.168.0.0/16 le 32
route-map RM_Dampening permit 10
match ip address prefix-list RFC1918_Dampening
set dampening 15 100 1000 60
!
route-map RM_Dampening permit 20
set dampening 15 750 2000 60
!

Ici, les prefixes RFC1918 ont des valeurs de dampening différentes des valeurs par défaut.
Si les valeurs choisies pour une route-map ne sont pas cohérente, un msg d'erreur apparait:

%BGP-5-DAMPENING_LOW_MAX_PENALTY Maximum penalty (12800) is less than allowed maximum (20000). Dampening is OFF

%BGP-5-DAMPENING_HIGH_MAX_PENALTY: Maximum penalty (128000) is more than allowed maximum (20000). Dampening is OFF

Validations:
On fait flapper la loopback 172.16.0.0/12. Le préfixe est annoncé puis retiré plusieurs fois de R2.
Ce network entre dans la première itération de la route-map:

* reuse-limit: 100
* suppress-penalty: 1000
* half-life: 15
* max-suppress-time: 60 (4x15)

On vérifie:

R2#show ip bgp 172.16.0.0/12
BGP routing table entry for 172.16.0.0/12, version 6
Paths: (1 available, no best path)
Not advertised to any peer
1, (suppressed due to dampening)
192.168.1.1 from 192.168.1.1 (10.1.1.254)
Origin IGP, metric 0, localpref 100, valid, external
Dampinfo: penalty 1024, flapped 2 times in 00:11:49, reuse in 00:06:08

R2#show ip bgp
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 4.3.2.0/24 192.168.1.1 0 0 1 i
*d 172.16.0.0/12 192.168.1.1 0 0 1 i

R2#show ip bgp dampening flap-statistics
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Flaps Duration Reuse Path
*d 172.16.0.0/12 192.168.1.1 2 00:22:43 00:06:03 1

R2#show ip bgp dampening dampened-paths
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Reuse Path
*d 172.16.0.0/12 192.168.1.1 00:06:43 1 i
-
Libellés : , , ,

NTP - ACL

NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...

  • Unicast Reverse Path Forwarding (uRPF)
    Unicast Reverse Path Forwarding (uRPF) uRPF est une feature permettant d'éviter l'IP Spoofing. Lorsque urpf est activé sur une in...
  • NTP - ACL
    NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...
  • Basic IPsec Virtual Tunnel Interface - VTI
    Le but est de monter un tunnel IPSec entre deux routeurs en utilisant des VTI. La clé partagée est: 1234. hostname R1 ! crypto isakm...