

Confederations

For the scenario in Figure 11-14, we want to divide AS3 into two smaller sub-ASs, AS65050 and AS65060. The sub-AS numbers are chosen from the private AS pool, 64512-65535. OSPF is used as the IGP in each sub-AS. OSPF within AS65050 runs independently of OSPF in AS65060, which means that the area numbers used in AS65050 can be reused in AS65060. This takes advantage of one of the benefits of BGP, namely that IGPs in one AS run independently of IGPs in other ASs.


Figure 11-14  Confederation.

RTA's configuration shows that RTA has all its interfaces in OSPF area 5. RTA is running EBGP with RTC in AS1 and is running IBGP with RTG in AS65050. Note that RTA uses the bgp confederation identifier 3 router command to present itself to RTC as being part of confederation 3.

RTA configuration:

    router ospf 10
     passive-interface Serial0
     network 172.16.0.0 0.0.255.255 area 5

    router bgp 65050
     no synchronization
     bgp confederation identifier 3
     network 172.16.220.0 mask 255.255.255.0
     network 172.16.70.0 mask 255.255.255.0
     neighbor 172.16.20.1 remote-as 1
     neighbor 172.16.20.1 filter-list 10 out
     neighbor 172.16.70.2 remote-as 65050
     no auto-summary
    ip as-path access-list 10 permit ^$

RTC is running normal EBGP when talking to RTA. According to RTC, RTA belongs to AS3. RTC has no visibility into the sub-ASs inside confederation 3. RTC is also running EBGP with RTH in AS2.

RTC configuration:

    router bgp 1
     network 192.68.11.0
     neighbor 172.16.20.2 remote-as 3
     neighbor 192.68.6.1 remote-as 2
     no auto-summary

RTG is the sub-AS65050 border router that is running confederation EBGP with router RTF in sub-AS65060. RTG is also running IBGP with RTA. RTG is an OSPF area border router with a common area 5 with RTA and the rest of its interfaces in area 0. Note how RTG has disabled its OSPF processing on serial 1 (passive-interface Serial1), which is the common interface with RTF. Only EBGP is run on that link.

RTG also identifies itself as being part of confederation 3 (bgp confederation identifier 3). RTG uses the router command bgp confederation peers 65060 to preserve all the attributes, such as local preference and next hop, when routes traverse the EBGP session to AS65060. This makes the confederation EBGP session with sub-AS65060 look like an IBGP session. The neighbor 172.16.50.1 next-hop-self command sets the next hop address of routes going from RTG to RTF to RTG's IP address. Without this command, all EBGP routes from AS1 are sent to RTF with the external next hop 172.16.20.1, which is acceptable only as long as routers in sub-AS65060 can reach that address from within the confederation.

RTG configuration:

    router ospf 10
     passive-interface Serial1
     network 172.16.70.2 0.0.0.0 area 5
     network 172.16.0.0 0.0.255.255 area 0

    router bgp 65050
     no synchronization
     bgp confederation identifier 3
     bgp confederation peers 65060
     network 172.16.112.0 mask 255.255.255.0
     network 172.16.50.0 mask 255.255.255.0
     network 172.16.70.0 mask 255.255.255.0
     neighbor 172.16.50.1 remote-as 65060
     neighbor 172.16.50.1 next-hop-self
     neighbor 172.16.70.1 remote-as 65050
     no auto-summary

The same configuration that is in RTG applies to RTF, which is the border router of sub-AS65060. RTF is also an area border router in areas 0 and 5. Areas 0 and 5 in AS65060 are totally independent from areas 0 and 5 in AS65050. The two IGPs are shielded from each other by BGP. Full-mesh IBGP sessions are configured between RTE, RTD, and RTF by using the peer group SUB_AS_65060.

RTF configuration:

    router ospf 10
     passive-interface Serial2/1
     network 172.16.25.1 0.0.0.0 area 5
     network 172.16.0.0 0.0.255.255 area 0

    router bgp 65060
     no synchronization
     bgp confederation identifier 3
     bgp confederation peers 65050
     network 172.16.65.0 mask 255.255.255.192
     network 172.16.50.0 mask 255.255.255.0
     network 172.16.25.0 mask 255.255.255.0
     network 172.16.30.0 mask 255.255.255.0
     neighbor SUB_AS_65060 peer-group
     neighbor SUB_AS_65060 remote-as 65060
     neighbor 172.16.25.2 peer-group SUB_AS_65060
     neighbor 172.16.30.2 peer-group SUB_AS_65060
     neighbor 172.16.50.2 remote-as 65050
     neighbor 172.16.50.2 next-hop-self

