BGP Configuration using GNS3
Before ASA software version 9.2(1), BGP was unsupported on the ASA. This means if you need to peer with your ISP via BGP, you must put a router (or multilayer switch) at the Internet edge. Thankfully, BGP is now supported on the ASA and we will be looking at this “new” feature on the ASA. I say new in quotes because it’s been available since version 9.2(1) and the latest version is 9.4.
Note: You can refer to this article on how to set up Cisco ASA in VMware and integrate it with GNS3.
We will be using a simple topology, as shown below:
The GNS3 topology is as shown below. Note that the “BGP-ASA” is actually a cloud with two interfaces – Wi-fi and VMnet1. I only changed the symbol so that it looks like an ASA. Also note that the 192.168.1.0/24 subnet behind R1 will be configured as a loopback interface.
The basic interface configuration on the ASA is as follows:
The routers use standard interface configuration, which you can find in the attached GNS3 files. For example, R1’s Fa0/0 interface has the IP address 10.10.10.2, and R1 also has a Lo0 interface with the IP address 192.168.1.1. R2’s Fa0/0 interface has the IP address 192.168.0.2.
EBGP Configuration
For this first scenario, we will assume that the ASA (and R2) are in AS1 while R1 is in AS2. We want to form a BGP session between the ASA and R1.
The configuration on R1 is as follows:
BGP configuration on the ASA is based on the address family model, although only the IPv4 address family is currently supported. I guess the plan is to add support for other families like IPv6 later.
The address family configuration is not that different from your normal BGP configuration style except that you just define most of your BGP commands (e.g., neighbor, network, etc.) under the address family. Therefore, the BGP configuration on the ASA is as follows:
Some of this configuration is default BGP configuration. The only commands I configured were defining the BGP process (router bgp 1), going under the address family (address-family ipv4 unicast), configuring the neighbor (neighbor 10.10.10.2 remote-as 2), and adding the network statement. Everything else was added automatically.
As on a normal Cisco IOS device, we can also verify our BGP configuration on the ASA. If you are familiar with the Cisco ASA, then you should know that most show commands on the Cisco IOS that have “ip” in them are the same commands on the Cisco ASA without the “ip”. For example, “show ip route” on the Cisco IOS is equivalent to “show route” on the Cisco ASA.
Using this logic, we can infer some BGP show commands on the ASA. The first on the list is the show bgp command.
Even before we check the BGP neighbors, we can already see the 192.168.1.0/24 route advertised by R1 (10.10.10.2), so we know that our BGP session is up. I can also use the show bgp summary command to view some information about the BGP process including the BGP neighbors:
You can go ahead and play around with the other show commands, such as show bgp neighbors and show bgp .
BGP Routing Policies on the ASA
The ASA actually supports most of the features you will use in BGP to configure routing policies. Let’s look at a few of them.
Route filtering
The ASA supports several ways to filter routes to a specific neighbor, including distribute lists, prefix lists and route maps.
To test this out, I will configure another subnet (172.16.0.0/24) behind the ASA. This will just be a loopback interface on R2 and I will advertise this new network in BGP from the ASA. The configuration on the ASA is as follows:
If we check on R1 now, we see that it knows about this new network from the ASA:
Now let us use a distribute-list on the ASA to prevent this route from being advertised to R1. The configuration on the ASA is as follows:
Hint: “any4” is the shortcut for 0.0.0.0 0.0.0.0
Now when we check R1, we see that the 172.16.0.0/24 route is no longer present:
We can also confirm on the ASA that the route was filtered by looking at a section of the show bgp neighbors output:
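The filtering steps above, written out as an added ASA configuration sketch; this is not the article's original configuration. The interface name "inside", the ACL name "BGP-OUT-R1", the static route towards R2 and the choice of 192.168.0.0/24 as the first network statement are assumptions.

```cisco
! Added example, not the article's original configuration.
! Assumed names: interface "inside", ACL "BGP-OUT-R1".
! Assumed: the ASA reaches R2's loopback through a static route, so the
! network statement below has a matching route to originate.
route inside 172.16.0.0 255.255.255.0 192.168.0.2
!
! Standard ACL used as the outbound filter. ASA standard ACLs take a
! netmask, not a wildcard mask. The final permit is required: without it
! the implicit deny would filter every prefix sent to R1.
access-list BGP-OUT-R1 standard deny 172.16.0.0 255.255.255.0
access-list BGP-OUT-R1 standard permit any4
!
router bgp 1
 address-family ipv4 unicast
  neighbor 10.10.10.2 remote-as 2
  neighbor 10.10.10.2 activate
  ! Assumed: 192.168.0.0/24 is the directly connected inside subnet.
  network 192.168.0.0 mask 255.255.255.0
  network 172.16.0.0 mask 255.255.255.0
  ! Outbound only: the ASA keeps the route locally and simply stops
  ! advertising it to R1.
  neighbor 10.10.10.2 distribute-list BGP-OUT-R1 out
 exit-address-family
```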
Route maps for BGP
Another thing supported in the BGP feature on the ASA is the use of route maps to define various policies. For example, let us configure the ASA to instruct R1 not to advertise the 192.168.0.0/24 prefix outside its AS. We do this by setting a community attribute of NO_EXPORT for that route.
When we check that route on R1 now, we see the NO_EXPORT community attribute has been applied to it:
Hint: Remember to add the neighbor send-community command because, by default, community attributes are not sent to BGP neighbors.
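An added sketch of the NO_EXPORT policy described above; it is not the article's original configuration. The ACL name "NOEXPORT-PFX" and the route-map name "TO-R1" are assumptions.

```cisco
! Added example, not the article's original configuration.
! Assumed names: ACL "NOEXPORT-PFX", route-map "TO-R1".
!
! Match only the prefix that must stay inside R1's AS.
access-list NOEXPORT-PFX standard permit 192.168.0.0 255.255.255.0
!
route-map TO-R1 permit 10
 match ip address NOEXPORT-PFX
 set community no-export
! Empty permit clause: passes all other prefixes unchanged. Without it,
! the route-map's implicit deny would stop them being advertised to R1.
route-map TO-R1 permit 20
!
router bgp 1
 address-family ipv4 unicast
  neighbor 10.10.10.2 remote-as 2
  ! Communities are stripped from updates unless this is configured.
  neighbor 10.10.10.2 send-community
  neighbor 10.10.10.2 route-map TO-R1 out
 exit-address-family
```

On R1, show ip bgp 192.168.0.0 should then list the no-export community for the prefix. If the community is missing, check send-community first.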
Summary
I’m really excited about the new features being added to the Cisco ASA, including BGP support, clustering, and policy-based routing (in version 9.4).
In this article, we have configured BGP directly on our ASA and seen that it supports various configuration items, such as distribute lists and route maps, for defining routing policies.
I hope you have found this article as interesting as I have enjoyed writing it.