Cisco BGP Config Tips

This document provides some helpful configuration hints about configuring your router connected to MBIX.  It is intended for network administrators with a working knowledge of BGP.

Many of these settings are optional, or should be adapted for your environment.

Overview

To connect to MBIX, you should:

  • Configure the router Interface
  • Configure BGP

Interface config overview

Use a dedicated router interface or VLAN interface (SVI) for your MBIX connection.

  • Only allow IPv4, IPv6 and ARP
  • DISABLE SPANNING TREE
    • If the MBIX switch receives a BPDU, MBIX will disable your port
    • Disabling spanning tree varies based on your config
  • Disable
    • CDP
    • DHCP
    • keepalive
    • ip redirects
    • MOP
    • proxy-arp

BGP config overview

See Route Servers article for more

Run BGP on IPv4 and IPv6, connecting to RS1 and RS2.  This will be 4 sessions in total.

  1. IPv4 to RS1
  2. IPv4 to RS2
  3. IPv6 to RS1
  4. IPv6 to RS2

Tips

  • Allow the first AS received to be the other members (no bgp enforce-first-as)
  • Announce only the prefixes you want (use a prefix-list)
  • Set LOCALPREF to be higher than your transit providers

Cisco IOS examples

We’ve provided several configuration examples which you should adapt for your specific configuration.

DO NOT COPY BLINDLY!

Interface Config

Configure your interface with the IPv4 and IPv6 addresses assigned to you.

Disable many features which aren’t desired on an IX.

From core1.mbix.ca:
interface GigabitEthernet0/2
 description MBIX peering
 ip address 206.72.208.1 255.255.255.0
 no cdp enable
 no ip redirects
 no ip proxy-arp
 duplex auto
 speed auto
 ipv6 address 2001:504:26::1:6395:1/64
 ipv6 nd ra suppress
 no ipv6 redirects
 no keepalive
 no mop enabled

VLAN interface example:

interface Vlan14
 description MBIX peering
 ip address 206.72.208.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:504:26::1:8451:1/64
 ipv6 nd ra suppress
 no ipv6 redirects

BGP config

Here’s an example BGP configuration.

router bgp 16395
 no bgp enforce-first-as
 bgp log-neighbor-changes
 neighbor 2001:504:26::1:6395:11 remote-as 16395
 neighbor 2001:504:26::1:6395:11 description MBIX RS1
 neighbor 2001:504:26::1:6395:12 remote-as 16395
 neighbor 2001:504:26::1:6395:12 description MBIX RS2
 neighbor 206.72.208.11 remote-as 16395
 neighbor 206.72.208.11 description MBIX RS1
 neighbor 206.72.208.12 remote-as 16395
 neighbor 206.72.208.12 description MBIX RS2
!
address-family ipv4
 network 198.181.199.0
 no neighbor 2001:504:26::1:6395:11 activate
 no neighbor 2001:504:26::1:6395:12 activate
 neighbor 206.72.208.11 activate
 neighbor 206.72.208.11 next-hop-self
 neighbor 206.72.208.11 soft-reconfiguration inbound
 neighbor 206.72.208.11 prefix-list RS-OUT out
 neighbor 206.72.208.11 route-map LOCALPREF-ix in
 neighbor 206.72.208.12 activate
 neighbor 206.72.208.12 next-hop-self
 neighbor 206.72.208.12 soft-reconfiguration inbound
 neighbor 206.72.208.12 prefix-list RS-OUT out
 neighbor 206.72.208.12 route-map LOCALPREF-ix in
exit-address-family
!
address-family ipv6
 network 2620:19:4000::/48
 neighbor 2001:504:26::1:6395:11 activate
 neighbor 2001:504:26::1:6395:11 next-hop-self
 neighbor 2001:504:26::1:6395:11 soft-reconfiguration inbound
 neighbor 2001:504:26::1:6395:11 prefix-list RS6-OUT out
 neighbor 2001:504:26::1:6395:11 route-map LOCALPREF-ix in
 neighbor 2001:504:26::1:6395:12 activate
 neighbor 2001:504:26::1:6395:12 next-hop-self
 neighbor 2001:504:26::1:6395:12 soft-reconfiguration inbound
 neighbor 2001:504:26::1:6395:12 prefix-list RS6-OUT out
 neighbor 2001:504:26::1:6395:12 route-map LOCALPREF-ix in
exit-address-family

Prefix list

Use prefix Lists to limit your announcements into the exchange.

Explicitly list all your prefixes, and deny all else.

ip prefix-list RS-OUT seq 10 permit 198.181.199.0/24
ip prefix-list RS-OUT seq 20 permit 23.78.143.0/24
ip prefix-list RS-OUT seq 100 deny 0.0.0.0/0

ipv6 prefix-list RS6-OUT seq 10 permit 2620:19:4000::/48
ipv6 prefix-list RS6-OUT seq 20 permit 2600:140A:4::/48
ipv6 prefix-list RS6-OUT seq 100 deny ::/0 le 128

Route Map

Suggestion: Use a route map to set the LOCAL_PREF for routes received from MBIX to something higher than the default of 100.  ASN administrators should decide what each :

route-map LOCALPREF-ix permit 10
 set local-preference 200

Conclusion

MBIX operates similarly to many IXes.  Settings and tips applicable to others are likely applicable to MBIX.

If you need help, contact network@mbix.ca.