4. IBGP Neighbors - with Loopback Interface
Now in this video, we'll move to our next lab, Lab Two, where we are going to configure the same IBGP neighborship using the loopback interfaces. If you're continuing from our previous lab, I'm going to remove the configurations that I did in my previous lab by simply giving no router bgp 500. Once you give this command, all your BGP configurations will be removed, so that when I move to the next lab, I have only some very basic configurations, whatever is required.
So I just configured no router bgp 500 on all four routers. If I verify on router one and give show ip bgp, you can see that BGP is not running. And if I give show ip protocols, I don't have any of the routing protocols running. So I don't have any protocols like RIP or EIGRP; nothing is running; I don't have any default routes; nothing is configured except the basic IP addressing. So you have to start your lab from the basics, where you have only basic connectivity and basic IP addressing as per our default topology. What I'm going to do is start the BGP peering using a loopback interface. Now you can ask me what this loopback address is and why exactly we need to use a loopback address. If you look at my scenario here, I'm going to use loopbacks. Allow me to explain why we require loopbacks. The first step is for router one to form the neighbors. We have four routers. Router one has established a neighbor relationship with router two, and it is forming that neighborship using these addresses. With this address, router one is forming a neighborship with router two. And with this address, router one forms a neighborship with router three.
Right, that's what we did when we configured. Router one has neighboring, router two has one or two. What happens if your interface goes down, or this neighbor address goes down? Simply put, the neighborship will go down automatically, because the neighbor address you have used is down, which means that neighbor is no longer reachable for you. That is definitely going to affect the routing exchange between the two routers: if the neighbor is down, router one will not send any routes to router two, which means routers one and two will not know the routes and will not communicate at all, because they don't have the routes inside the BGP table. It is a single point of failure. That was a major disadvantage of the previous lab, if you recall. Now you can ask me: okay, but in the case of OSPF, if you remember when I talked about OSPF, we have router one, router two, router three, and router four, and if any of the links fails, router one will automatically take a different route to get to that neighbor; only that one neighbor relationship is affected here, and you still have an alternate route.
However, in the case of BGP, router one forms the neighborship with whatever physical IP is present on router two, and if that IP is down, it will not use the alternate route at all, because that IP is different and this IP is different. When the neighbor's IP address changes, router one treats it as a different neighbor, a different router. So that will not work in our scenario. What we are going to do is provide redundancy. What I want is for my neighborship to be redundant: if router one is forming a neighborship with router two and this interface goes down, router one should automatically form the neighborship with router two via an alternate route. That is what I want in this scenario. Now, you can think about other solutions, like configuring two neighbor commands on router one: one will be this address and the other will be this address. What is that? Two, two, one. But don't do that, because the router will treat these as two different routers, since the IP addresses are different, and we will receive the same BGP update from both ends, which adds unnecessary overhead. So it's not a possible solution, and it's not the correct solution here.
Now I'm going to configure the neighborship with router two. I'm not going to use this interface and I'm not going to use this interface. The reason I'm not going to use any of the physical interfaces is that a physical interface can go down at any time. Okay? I could use either this address or this address, but these two interfaces can go down at any time. If you prefer, I can use this interface as well, but because it is also a physical interface, it may fail at any time. So instead, router one is going to form a neighborship with router two without using any of the physical interfaces. It will use a logical interface, which will never go down unless and until it is manually disabled. Shutting it down is the only way it will go down. So now router one will try to reach the 12 network. It will try to go this route, and in case this route fails, it will still be up because the loopback will not go down. It will automatically use the alternate route to reach the same loopback.
So that is the main concept of what we are going to do here. Router one forms the neighborship with router two's loopback interface, and at the same time, router two also forms the neighborship with router one using the loopback interface instead of physical interfaces, because the main intention here is to provide redundancy in the neighborship. For that, the loopback is the best option. So we are going to use the loopback interfaces, the logical interfaces, for forming the neighborship. Now let's start. I already have a preconfigured loopback on router one, loopback 0 with 11.0.0.1; router two has 12.0.0.1, router three has 13.0.0.1, and router four has 14.0.0.1.
If you verify in my topology, every router has a preconfigured loopback. You can use any loopback you want; in general, loopback 0 is the best practice. Similarly, if I check on router two, I also have a loopback, so I'll use 12.0.0.1. You can use any other; it's up to you. On router three I have a preconfigured loopback, and I'll use 13; on router four, 14. Okay, so let's start with the configurations. If you recall, the configurations are similar to what we did in our previous cases, with only a few additional configurations that you will encounter in this lab. So I'm going to say router bgp 500, no auto-summary, no synchronization, and the same network command; you can advertise the 10 network, which is my LAN. Now, you don't need to advertise the 1 network or the 4 network; it's not mandatory the way it is in the case of OSPF or EIGRP. If I'm running OSPF or EIGRP, it is mandatory to advertise this interface, because only when you advertise the interface will it send a hello message and get the reply. But in the case of BGP, we are going to configure the neighbor manually. That means your BGP will still work even if you don't advertise the WAN interfaces. If you still want to advertise them, you can, but it's not really required. In my lab I also did not advertise any of the WAN interfaces, so I'm just going with the basic LAN interfaces. And what's the next command? Neighbor. Router one is forming the neighborship with router two with 12.0.0.1, and the remote-as is 500. Similarly, router one is forming the neighborship with router three with 13.0.0.1, and with router four with 14.0.0.1. So we have a full mesh neighborship here once more. I'm going to use full mesh because of BGP's split horizon rule, which we discussed in the previous video.
To overcome that, we need to have a full mesh neighborship. I'm going to do the same thing on router two. I can use Notepad, but if you're doing it for the first time, you can always type the configurations. I'll go to router bgp 500 and then no auto-summary, no synchronization, neighbor 11.0.0.1, which is my router one, remote-as 500. Router two is forming the neighborship with router one, which is 11, with router three, and with router four. Done. After that, I'll advertise my LAN interface, and I'm going to do the same configurations on router three: router bgp 500, no auto-summary, no synchronization, neighbor 11.0.0.1. Router three is forming the neighborship with router one, router two, and router four. Then, because the 30 network is my local network, I advertise my LAN interface. On router four: router bgp 500, no auto-summary, no synchronization, neighbor 11.0.0.1 with remote-as 500; router four is forming the neighborship with routers one, two, and three, and advertising its own LAN interface. Done. So I think I finished the configurations for all four routers, and if everything is okay, the neighborship should come up. That is what we finally need: to ensure that the neighbor relationship is up and running. If the neighbors are not coming up, then we need to verify our configurations. If you configure any of these things incorrectly, the neighborship will not come up. If I give show ip bgp summary, you can see the neighborship is in Active. Whenever you see Active or Idle, there is some problem.
So let us try to figure out what is wrong here. Active means the router is attempting to establish the neighborship, but so far it has been unsuccessful. So we need to do some troubleshooting; that's what we call BGP active troubleshooting, for whenever you see the state called Active. There are some possible reasons we need to keep in mind and check. The first is the wrong neighbor address: sometimes we configure the IP address incorrectly. I think in our configurations we configured everything correctly: 12.0.0.1, 13.0.0.1, 14.0.0.1. You can verify with the command show run | section bgp, that is, the pipe symbol followed by section bgp. If we verify on all the routers, the IP addresses are correct, and at the same time the remote-as is also correct. Sometimes we might end up misconfiguring something. Sometimes the peering might be in the wrong AS.
The neighbor does not have the neighbor statement: it is configured on only one side. If the neighborship does not come up, that is yet another reason. Sometimes we configure the first router and then forget to configure the second router. We configure only one side and expect the neighborship to come up without confirming the other end. So we need to make sure that the configurations on both sides are correct.
I think here we did everything perfectly, so these two are not applicable in our case. We have configured the right address, and on both ends we have configured the neighbor command. The third thing might be a misconfiguration of your AS number. Sometimes I accidentally type 50 or 5000 instead of 500, or something similar. Perhaps you entered an incorrect autonomous system number, and the AS does not match the remote-as command: if you configure this router in AS 500, the remote-as should be 500 here. If that doesn't match, you will see some messages like the ones I have here. This is a sample output of what you will see if you have a neighborship in the wrong AS. You can see peer in wrong AS, and then it's going to show all F's here and then the remote AS. So it will send a notification message saying that it is going to disconnect the neighbor, and the reason is that the peer is in the wrong AS. We have now verified and confirmed that the first three are not the issue. Finally, the last thing we need to check is whether the neighbor does not have a route to the source IP of the BGP open packet generated by the router. Whenever we try to establish a neighbor relationship between any two routers, such as here, router one will send an open message saying, "I am your neighbor," and router two will respond to that open message.
Now here, this open confirmation message is not coming from router two, and the reason might be the reachability. Router one is forming the neighborship with router two by using 12.0.0.1, with router three by using 13.0.0.1, and with router four by using the loopback 14.0.0.1. So 12, 13, and 14. Right. But we first need to verify whether we are able to ping these neighbor addresses or not. Reachability: that is the first thing we need to check. If the router does not have a route to these destinations, it will be unable to communicate. Router one is currently forming neighbors with 12, 13, and 14, but router one has no idea where 12, 13, and 14 are. You can see that the routes are missing; there is no route in the routing table that tells router one where 12, 13, and 14 are. In our previous videos, if you remember, we configured the neighbor relationship with directly connected interfaces, and by default the router knows its own directly connected interfaces, so there was no problem there. But now, if I say show ip route 12.0.0.1, that network is not present in my routing table at all. So how can you expect the neighborship to come up? I'm going to send an open message, but I have no idea where 12 is, where 13 is, or where 14 is. That's the problem here. So reachability is the next thing we need to check.
Okay? So whenever you see these types of messages, the first step is to make sure that you have connectivity to your neighbor. You should be able to ping the neighbor address. But you can see it's not able to ping, and the reason is that router one does not have entries for 12, 13, and 14: it doesn't know where 12 is, where 13 is, or where 14 is, because they are not in the routing table. Router one does not know how to reach those neighbors. To learn about these neighbors, BGP again relies on the IGP. This is a very important point. The main reason I didn't run any IGP inside is that I want you to know this: many people think that if you're running BGP, you don't need to run any of the IGP protocols, like EIGRP. It's not like that. Even though you're running BGP, BGP is there to communicate outside the AS; within the AS, we continue to use our IGP protocols, the interior gateway protocols such as RIP, EIGRP, and OSPF. And to reach these loopbacks, the router is going to rely on your IGP. So you have to make sure that you also advertise, inside your IGP, the loopback interfaces that are used for the IBGP neighborship. In my case, I'm not currently running any IGP; that's the reason the neighborship is not coming up. I didn't configure it, so I'm going to configure the IGP now.
5. IBGP Neighbors - with Loopback Interface - Continued
So let us move to our diagram. You can run any IGP here, so choose any of the IGPs. I'm going to use OSPF, advertising all the LAN and WAN interfaces, and make sure that you also advertise the loopback interface which you are using for the neighborship. Don't forget that, and don't think that only the loopback has to be advertised: you have to advertise the connected interfaces also. In your production networks you already have some IGP running by default, and in that IGP you just need to advertise the loopback IP that you are using for the BGP neighborship; that is the only thing we need to do. So let me do this on router one. On router one, I'm going to run router ospf 1 and advertise the 10 network; these things are already present by default in a production network, so we don't need to worry about that.
So here I'm configuring everything: the 10 network, the 4 network, which is my WAN, so two WAN interfaces and one LAN interface. And then this point is important: we need to advertise our loopback interface, because the two loopbacks should be able to reach each other, and only then can they establish the neighborship. They reach each other via OSPF, so OSPF will tell them how to reach, which means that even though they are running BGP, they rely on the IGP. Actually, I'm going to say network for the 20 network and slash 28, so I'm going to say area 0, and then the WAN interfaces, the 2 network and the 1 network, and then I need to advertise my loopback interface: 12.0.0.0 0.255.255.255 area 0. Done. I'm going to do the same thing with router three. I need to configure OSPF: network for the 30 network, which is my LAN, area 0. Then I need to advertise the 3 network, which is my WAN interface on the router, the 2 network, and the 13 network, because I'm also advertising my 13, since I'm going to configure the neighborship based on that loopback, and loopback interfaces never go down. That way we have the best possible chance that our neighborship is always up. On router four: router ospf 1, and I'm going to say the 40 network, which is my LAN, the 4 network, which is my WAN, the 3 network, and finally I'm advertising my loopback interface, which I'm using for my neighborship.
When you verify with show ip ospf neighbor or show ip route, you should see the neighbors and the routes appear. Now I have information in my routing table for 12, which I'm using to form the neighborship; 13, which I should also see; and 14, which I should also see. I'm also expecting 40; you can see the 40 network now. Okay, so now BGP relies on OSPF in our case, or on any other IGP, to know about a neighbor which is not directly connected. In the previous case we configured the neighborship using a directly connected interface, which is one two. In our scenario now, we are going to use the loopback, which is not directly connected, so router one should learn about that loopback via the IGP. Now if I ping 12.0.0.1, if I ping 13.0.0.1, and if I ping 14.0.0.1 (or you can say show ip bgp summary), I'm able to reach those neighbors, which means the router now knows exactly where 12.0.0.1 is. So it is going to send an open message, and the neighbor is going to reply with an open reply, an open confirm message. So whenever you realize there is a problem with the neighbor relationship, the first step is to check the configurations, as we did when we verified these three things. If it is not a wrong address, a router that is not configured on the other end, or something configured incorrectly, you can jump to this one and try to ping the neighbor's address. If you can't ping, it means the router does not know where your neighbor is, because you're not directly connected. For the router to reach that network, it should have some IGP information in its routing table. But even now, if I display show ip bgp summary, I still have an issue: the neighbor relationship is not up; it is still showing as Active.
So actually, I have one more problem here. The first issue to remember is that whenever we do any loopback configuration, we must ensure that the loopback is reachable. Whatever IP you are using to form the neighborship, that IP must be reachable. The second thing is the problem with the source; that is the next issue we need to figure out. Let's recap: we did the basic configuration just like here, we saw Active, and then we started troubleshooting. We verified all these configurations and realized that the neighbor was not reachable. Then we configured OSPF, where we also advertised the loopback interfaces. And now if you verify again, it's still showing Active. So we are up to here in our lab. Now make sure that there's connectivity between the neighbors; you can see that the pings are now working. There is one more issue here, and it is with the source address. Let me explain. According to our configurations, router one forms a neighbor relationship with router two, but with which address? 12.0.0.1. Router one forms the neighborship with router three with which address? 13.0.0.1.
And with 14.0.0.1, router one is establishing a neighbor relationship with router four. Similarly, routers two and three do the same. Right? Now, this is what happens by default whenever you configure a neighbor command. I said neighbor 12.0.0.1 remote-as 500, as in our example. As a result, router one will send an open message, saying, "Hello, router two, you are my neighbor." It is going to say who it is, and by default, what address will it use? Router one's address will be this address. So it says, "I am one, and you are my neighbor; I'm the neighbor of 12.0.0.1," which is router two. Router two will now say, "All right, you say you're my neighbor; let me check." Router two already has preconfigured neighbor statements; that's what we did just now.
Now, router two is peering with router one using 11.0.0.1, and router two is also forming a neighborship with routers three and four. So it has router one, router three, and router four. It is going to check its own neighbor statements against this information. The message says "one," and router two is not configured with any neighbor with "one." So router two is simply going to reply, "You're not my neighbor; I don't see any such information." It's not going to send the confirm message, and your neighborship will go down. The main problem here is the source address. The source address is always the exit interface address, right? When router one sends a message to router four, it says "I am" followed by the 4-network address, or whatever the address is, by default. So generally the default source address will be the address of the exit interface. When router one sends a message, this address will be the source address; that is your 1/0 address. That is not going to work here, because now routers one and two are not forming the neighborship with the exit interfaces; they are forming it with the loopback interfaces.
So I must ensure that when router one sends a message, the source address is changed. Router one, when you send a message to router two, don't use this address; instead, use the loopback 0 address, because the loopbacks are used to identify each other and the loopback 0 addresses are what we configured the neighborship with on every router. We are not forming a neighborship with any other address. To change this, we need to add one more command. We need to say neighbor 12.0.0.1, and then a command called update-source loopback 0. Once you add this command, whenever the router sends a message to 12.0.0.1, reaching it through OSPF, it's not going to use this address. It's going to say "I am 11," because that is my loopback 0 address: "Hello, I'm 11 and I'm your neighbor." Router two will check its own information and say, "Okay, I have a neighbor statement for router one; you are my neighbor." It's going to send a reply, a confirmation message. Once the open message is sent and the open confirmation comes back, they have become neighbors.
When we configure the neighborship with loopbacks, there are two things we must keep in mind. Whenever you configure the neighborship with a loopback or any interface other than the exit interface, the first thing we need to check is the reachability. To provide reachability, we must advertise that loopback 0 inside the IGP; in production networks you already have an IGP running. In my lab I did not configure it initially, because I want you to know that this is the first thing we need to keep in mind. The second thing is that we need to change the source address to the loopback address that we have used, and that is done with the update-source command. That is why the neighborship is not coming up here. So I'm going to go to each router and add one more command: update-source loopback 0. Let us go to each router in my diagram.
I'll start with router one. I already have the configurations, and I'm not going to disturb them; I'm just adding some extra configuration to the previous ones. I'm going to say router bgp 500, and then neighbor 12.0.0.1 update-source loopback 0. Similarly for 13.0.0.1, followed by 14.0.0.1. Now you can see the neighborship coming up; job done. Similarly, on router two I need to say router bgp 500, neighbor 11.0.0.1; remote-as is already configured, so I just need to say update-source. So that's neighbor 11, then 13, and 14. The same thing I need to do on router three as well: router bgp 500, neighbor 11.0.0.1 update-source loopback 0, then 12, and then 14, because 13 is my own router. Done. Before we verify, let me finish the configurations on router four as well: router bgp 500, neighbor 11.0.0.1; remote-as is already configured, so I'll just say update-source, and the same for the router two neighbor and the router three neighbor. So, if we verify the complete configurations of what we did, we should have two commands for each neighbor whenever you form a neighborship with any interface other than the exit interface.
The first command is remote-as, and the next command has to be update-source. I want you to know that I did not configure this initially. Another thing we need to confirm is that you are able to ping the neighbor, whoever that is. There should be end-to-end reachability between the neighbor addresses we are using, and for that we use the IGP. Finally, let us verify the neighborship. Now you can see the neighborship has come up, and from each neighbor I'm receiving one route, because I used only one network command, for the LAN interface. If I verify, this is the BGP table information; I'll discuss it in our next video. If I verify with show ip route, you'll see that all the routes have been learned in some way. OSPF has an administrative distance of 110, while internal BGP is 200, so the router will install the routes learned by OSPF. But that's okay. What I'll do now is shut down one of the links. Router one is forming the neighborship with the loopback, so I'm going to shut down this link. Even with that link down, it should not affect my neighborship.
As you can see, the neighborship is still up, and I can still see the route coming from that router. The reason is what OSPF does here: router one wants to form a neighborship with 12. First, it will use the best route. If that best route fails, it will use an alternate route to reach this neighbor. If you verify the IP route learned via OSPF, as long as this 12 is present in your routing table, your neighborship will not go down, and you can see the path now goes via router four, that is, four four one, as per my diagram, because the link is down on that side, the interface is down. So there's still no impact on the neighborship. This is one of the most common implementations of BGP: we always use loopback interfaces to form the neighborship so that we have redundancy in the neighborship. At the same time, you must ensure that you have reachability to that neighbor. And finally, you have to make sure that you use the update-source command and change the source address to the loopback interface that you are using; it could be loopback 0 or any other. So this is our second lab, and we are done with this lab. We'll probably see some more labs in our next videos. Thank you.
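
The troubleshooting checklist from this lab (wrong neighbor address, neighbor statement on one side only, wrong AS, loopback not advertised in the IGP, missing update-source) can be checked statically across a set of router configs. The following is an added example, not part of the video: the router names, the IOS-style config text and its deliberate mistakes are constructed, and the loopback addresses and AS 500 are assumed from the lab's numbering.

```python
import ipaddress
import re

# Constructed IOS-style configs. Loopbacks 11/12/13.0.0.1 and AS 500 are assumed
# values; R2 and R3 carry deliberate mistakes taken from the lab's checklist.
CONFIGS = {
    "R1": """
interface Loopback0
 ip address 11.0.0.1 255.255.255.255
router ospf 1
 network 11.0.0.1 0.0.0.0 area 0
router bgp 500
 neighbor 12.0.0.1 remote-as 500
 neighbor 12.0.0.1 update-source Loopback0
 neighbor 13.0.0.1 remote-as 500
 neighbor 13.0.0.1 update-source Loopback0
""",
    "R2": """
interface Loopback0
 ip address 12.0.0.1 255.255.255.255
router ospf 1
 network 12.0.0.0 0.255.255.255 area 0
router bgp 500
 neighbor 11.0.0.1 remote-as 500
 neighbor 13.0.0.1 remote-as 50
 neighbor 13.0.0.1 update-source Loopback0
""",
    "R3": """
interface Loopback0
 ip address 13.0.0.1 255.255.255.255
router ospf 1
 network 30.0.0.0 0.255.255.255 area 0
router bgp 500
 neighbor 11.0.0.1 remote-as 500
 neighbor 11.0.0.1 update-source Loopback0
""",
}


def parse(cfg):
    """Pull out the few facts the checklist needs from one router's config."""
    return {
        "loopback": re.search(r"interface Loopback0\s+ip address (\S+)", cfg).group(1),
        "asn": re.search(r"router bgp (\d+)", cfg).group(1),
        "ospf": re.findall(r"network (\S+) (\S+) area", cfg),
        "neighbors": dict(re.findall(r"neighbor (\S+) remote-as (\d+)", cfg)),
        "update_source": set(re.findall(r"neighbor (\S+) update-source Loopback0", cfg)),
    }


def ospf_covers(networks, ip):
    """True if any OSPF 'network <addr> <wildcard>' statement matches ip."""
    target = int(ipaddress.IPv4Address(ip))
    for addr, wildcard in networks:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if int(ipaddress.IPv4Address(addr)) & care == target & care:
            return True
    return False


def audit(configs):
    """Return (router, address, problem) tuples for loopback-based iBGP peering."""
    routers = {name: parse(cfg) for name, cfg in configs.items()}
    owner = {r["loopback"]: name for name, r in routers.items()}
    findings = []
    for name, r in sorted(routers.items()):
        # Reachability: the peering loopback must be advertised inside the IGP.
        if not ospf_covers(r["ospf"], r["loopback"]):
            findings.append((name, r["loopback"], "loopback not advertised in IGP"))
        for peer_ip, remote_as in r["neighbors"].items():
            peer = owner.get(peer_ip)
            if peer is None:
                findings.append((name, peer_ip, "neighbor address is not a known loopback"))
                continue
            if remote_as != routers[peer]["asn"]:
                findings.append((name, peer_ip, "remote-as does not match peer AS"))
            if r["loopback"] not in routers[peer]["neighbors"]:
                findings.append((name, peer_ip, "peer has no neighbor statement back"))
            # Without update-source the OPEN is sourced from the exit interface.
            if peer_ip not in r["update_source"]:
                findings.append((name, peer_ip, "missing update-source Loopback0"))
    return findings


if __name__ == "__main__":
    for router, address, problem in audit(CONFIGS):
        print(f"{router}: {address}: {problem}")
```

A clean result from this static check does not replace the ping and show ip bgp summary steps in the lab; it only catches the configuration mistakes before the session is expected to come up.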