Simple Cisco router configuration: BGP [2 links] and NAT

A few weeks ago I struggled with a configuration that contained BGP and NAT. First I made a really complicated configuration which worked in GNS3 but eventually didn't work on a real router. [ My configuration is based on a Cisco 2951 router ]

To create a configuration with BGP and NAT you have to do the following steps. Start with the first uplink interface to the ISP, which is the NAT outside side:

interface GigabitEthernet0/1
 description BGP Link 1  to ISP
 ip address <ip address>
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

In my configuration I had 2 BGP links, so the second uplink is configured the same way on interface GigabitEthernet0/2:

interface GigabitEthernet0/2
 description BGP Link 2  to ISP
 ip address <ip address>
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

After this I created a loopback interface for the first address of the extra IP block I had:

interface Loopback100
 ip address <1st ip block address> <ip block subnet>
 ip nat outside
 ip virtual-reassembly in

The next step is to configure the internal LAN interface, which is the NAT inside side:

interface GigabitEthernet0/0
 ip address <ip address>
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip route-cache same-interface
 ip route-cache policy
 duplex auto
 speed auto
 hold-queue 100 out

The BGP configuration can differ per ISP; in my case I had 1 ISP but 2 different BGP uplinks:

router bgp <as number>
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp deterministic-med
 network <network address of IP block > mask <subnetmask of IP block>
 redistribute connected
 redistribute static
 neighbor <remote ip bgplink 1> remote-as <as number>
 neighbor <remote ip bgplink 1> description *** BGP Link#1 with ISP ***
 neighbor <remote ip bgplink 1> timers 5 15
 neighbor <remote ip bgplink 1> remove-private-as
 neighbor <remote ip bgplink 1> soft-reconfiguration inbound
 neighbor <remote ip bgplink 1> route-map your-bgp-in in
 neighbor <remote ip bgplink 1> route-map your-bgp-out out
 neighbor <remote ip bgplink 2> remote-as <as number>
 neighbor <remote ip bgplink 2> description *** BGP Link#2 with ISP ***
 neighbor <remote ip bgplink 2> timers 5 15
 neighbor <remote ip bgplink 2> remove-private-as
 neighbor <remote ip bgplink 2> soft-reconfiguration inbound
 neighbor <remote ip bgplink 2> route-map your-bgp-in in
 neighbor <remote ip bgplink 2> route-map your-bgp-out out
 maximum-paths 8
 no auto-summary

To test whether your first link is okay you can use the following command to shut down the second BGP link:

 neighbor <remote ip bgplink 2> shutdown

The next thing you have to do is to create a static route to the Null0 interface and to create an ip nat pool:

ip route <ip block 1st address> <ip block subnet> Null0
ip nat pool <name> <first usable ip address> <last usable ip address> prefix-length 26

When you have configured these settings we continue to configure some ip prefix-lists on the router:

ip prefix-list your-bgp-out description *** Send yourname Prefixes and P2P-Link to ISP ***
ip prefix-list your-bgp-out seq 5 permit <ip address block>/26

When we have configured the ip prefix-list we can continue to configure the route-maps which link to this prefix-list:

route-map your-bgp-in permit 10
 description *** [ Set Localpref to 100 to prefer this link, mark routes with <remark of ISP> ] ***
 set local-preference 100
 set community <depends on ISP>
route-map your-bgp-out permit 10
 description *** [ Advertise Yourname Prefixes ] ***
 match ip address prefix-list your-bgp-out

If you have configured all these settings, you will be able to configure an access-list on the loopback interface. I still have to figure out how to enable VPN access on this kind of connection.

More to continue …
