Let's form an eBGP peering between R4 and R5 over an indirect link (Loopback).
R4#sh run | sec router bgp
router bgp 400
 no synchronization
 bgp log-neighbor-changes
 neighbor 150.5.5.5 remote-as 500
 neighbor 150.5.5.5 ebgp-multihop 2
 neighbor 150.5.5.5 update-source Loopback0
 no auto-summary
R5#sh run | sec router bgp
router bgp 500
 no synchronization
 bgp log-neighbor-changes
 neighbor 150.4.4.4 remote-as 400
 neighbor 150.4.4.4 ebgp-multihop 2
 neighbor 150.4.4.4 update-source Loopback0
 no auto-summary
Here we must use both the update-source and the ebgp-multihop command.
By default a BGP router tries to establish the peering from the address of
the directly connected interface and with a TTL value of 1.
To form an indirect eBGP peering we must tell the router which source to use
for its updates and increase the TTL value.
R5#sh ip bgp ne | in Exter
External BGP neighbor may be up to 2 hops away.
There is an attack on TCP called TCP Reset, so we have a mechanism to protect
against unwanted eBGP peer establishment.
Let's configure the TTL security feature between R4 and R5.
R5(config-router)#neighbor 150.4.4.4 ttl-security hops 2
Remove ebgp-multihop before configuring ttl-security
Note: We can have either ttl-security or ebgp-multihop on a neighbor, one command at a time, not both together. So let's remove the ebgp-multihop command first.
R5(config-router)# neighbor 150.4.4.4 ttl-security hops 2
R4(config-router)# neighbor 150.5.5.5 ttl-security hops 2
R5#sh ip bgp ne | in Ext|Min
External BGP neighbor may be up to 2 hops away.
Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255
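To make the difference between the two commands concrete, here is an added Python model (not from the original post or from Cisco IOS) of the check that ttl-security performs, known as the Generalized TTL Security Mechanism: the router always sends with TTL 255 and only accepts segments whose TTL is still at least 255 minus the configured hops, which with hops 2 gives the minimum incoming TTL of 253 shown above. The sample segments and their TTLs are constructed for the illustration.

```python
# Constructed model of "neighbor X ttl-security hops N" versus
# "neighbor X ebgp-multihop N" (added example, not IOS code).

MAX_TTL = 255

def ttl_security_min_ttl(hops: int) -> int:
    """Minimum incoming TTL accepted under ttl-security hops N (255 - N)."""
    if not 1 <= hops <= 254:
        raise ValueError("hops must be between 1 and 254")
    return MAX_TTL - hops

def outgoing_ttl(mode: str, hops: int) -> int:
    """TTL the local router puts on its own BGP segments in each mode."""
    if mode == "ttl-security":
        return MAX_TTL      # GTSM: always send the maximum TTL
    if mode == "ebgp-multihop":
        return hops         # multihop: just enough TTL to reach the peer
    raise ValueError(f"unknown mode {mode!r}")

def accept_incoming(mode: str, hops: int, received_ttl: int) -> bool:
    """Would the router accept a BGP segment that arrived with this TTL?"""
    if mode == "ttl-security":
        # A segment that crossed more than N routers cannot still carry
        # a TTL of 255 - N, so it is dropped before reaching the BGP process.
        return received_ttl >= ttl_security_min_ttl(hops)
    if mode == "ebgp-multihop":
        return received_ttl >= 1   # no TTL check at all in multihop mode
    raise ValueError(f"unknown mode {mode!r}")

def classify_segments(mode: str, hops: int, segments):
    """Run constructed (label, received_ttl) pairs through the check."""
    return {label: accept_incoming(mode, hops, ttl) for label, ttl in segments}

# Constructed sample: R4 really is 2 hops away, so its segments sent with
# TTL 255 arrive at R5 with TTL 253; a segment that crossed 10 routers
# arrives with TTL 245 even if it started at 255.
SAMPLE = [("peer-2-hops", 253), ("far-10-hops", 245)]

if __name__ == "__main__":
    for mode in ("ebgp-multihop", "ttl-security"):
        print(mode, "sends TTL", outgoing_ttl(mode, 2),
              "accepts", classify_segments(mode, 2, SAMPLE))
```

With ebgp-multihop 2 both sample segments are accepted; with ttl-security hops 2 only the one from the genuine 2-hop peer passes, which is the protection the post is describing.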
In the same way, form eBGP peerings between R6 - R1, R3 - R5, R3 - R4 and R4 - R5.