Homework SourseDepicted below is a corporate network The above network has
Depicted below is a corporate network.
The above network has RIPv2, OSPF, and EIGRP protocols in Intranet and is connected to two ISPs thru BGP protocol. As a consultant write a technical proposal to implement the following solutions.
1. Create a multiprotocol operational network using EIGRP, OSPF, and RIPv2 protocol.
2. Implement a secure update of OSPF and EIGRP protocol.
3. Implement virtual link in one segment of the network
4. Implement a redistribution solution
5. Implement BGP connection to ISPs
6. Implement a solution which avoids your network becoming a transit hub for BGP external routes
Your paper must have a minimum of 3 pages and a maximum of 7 pages of text, excluding the required title page, bibliography and optional tables. Text must be Times New Roman, 12 point font, 1\" margin on all sides, and double spaced.
Students must follow \"Publication Manual of the American Psychological Association, Fifth Edition (APA- 5)\", also known as APA style or format. Only a Microsoft Word file will be accepted as the final submission; no HTML or PDF files allowed.
All sources must be properly cited and must be credible. At least two sources must be Internet sources.
RIP Network Redistribution OSPE to RIPv2 OSPF PF Multi Drott Network EIC RIP Network Area Redistribuutiom OSPE to E GRIP EIGIRIP to CDSPR. ISP 1 ISP 2Solution
1.Create a multiprotocol operational network using EIGRP, OSPF, and RIPv2 protocol.
EIGRP is an advanced distance vector protocol that has some of the properties of link-state protocols. Enhanced IGRP addresses the limitations of conventional distance vector routing protocols (slow convergence and high bandwidth consumption in a steady state network). [1]
OSPF is an Interior Gateway Protocol (IGP) developed for use in Internet Protocol (IP)-based internetworks. As an IGP, OSPF distributes routing information between routers belonging to a single autonomous system (AS). [1]
RIPv2, is Distance Vector Routing Protocols that use router hop counts as their metrics. It support a maximum hop count value of 15. Any router farther than 15 hops away is considered to be unreachable. [1]
configure RIPv2 (RIP NETWORK)
RouterA(config)#router rip
RouterA(config-router)#version 2
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 195.14.25.0
RouterA(config-router)#network 195.14.125.0
RouterA(config-router)#no auto-summary
RouterB(config)#router rip
RouterB(config-router)#version 2
RouterB(config-router)#network 192.168.20.0
RouterB(config-router)#network 195.14.25.0
RouterB(config-router)#network 195.14.125.0
RouterA(config-router)#no auto-summary
Configuration OSPF (area 1, area 0 and area 2)
2.IMPLEMENT A SECURE UPDATE OF OSPF AND EIGRP PROTOCOL.
Attacks may target the router devices, the peering sessions, and/or the routing information. Fortunately, protocols like BGP, OSPF, EIGRP and RIPv2 provide a set of tools that help secure the routing infrastructure. This can be done by using the following methods: [2]
Neighbor authentication is a feature available on most routing protocols, and that ensures a router only receives reliable routing information and from trusted neighbors. That is achieved by certifying the authenticity of each neighbor and the integrity of its routing updates. Technically, each router is initially configured with a shared secret key that is used to validate each routing update. Before sending a routing update, each router is required to sign it with the predefined secret key; and include the resulting signature as part of the update message. Finally, the update is verified by the receiving neighbor to prove its authenticity and integrity. The following example shows the configuration of OSPF MD5 neighbor authentication on an IOS router [2]:
OSPF MD5 authentication
interface Ethernet1
ip address 10.139.20.1 255.255.255.0
ip ospf message-digest-key 10 md5 oursharedsecret
router ospf 20
network 10.139.20.0 0.0.0.255 area 0
area 0 authentication message-digest
In EIGRP MD5, authentication is enabled at the interface or subinterface level.
3.IMPLEMENT VIRTUAL LINK IN ONE SEGMENT OF THE NETWORK
Virtual links can be considered as duct tape for OSPF. First, we must decide where to establish a virtual link. On such a network, the decision is obvious: between Area2 and Area0. At least one end of a virtual link must be terminated on a backbone (area 0) router..( R2 is for Area 2 and R0 is for area0)
R2 (config) # ipv6 router ospf 1
R2 (config-rtr) # area 2 virtual-link ?
A.B.C.D RouterID associated with virtual link neighbor
R2(config-rtr)# area 2 virtual-link 192.168.0.3
And the complementary command on R0:
R0 (config) # ipv6 router ospf 0
R0 (config-rtr) # area 0 virtual-link 192.168.0.2
R0 (config-rtr) # %OSPFv3-5-ADJCHG: Process 1, Nbr 192.168.0.2 on OSPFv3_VL0 from LOADING to FULL, Loading Done
4.IMPLEMENT A REDISTRIBUTION SOLUTION
The use of a routing protocol to advertise routes that are learned by some other means, such as by another routing protocol, static routes, or directly connected routes, is called redistribution. In any case, having a multiple protocol environment makes redistribution a necessity. Differences in routing protocol characteristics, such as metrics, administrative distance, classful and classless capabilities can effect redistribution. Consideration must be given to these differences for redistribution to succeed.
Metric
You can define the metric for that specific redistribution only:
Or you can use the same metric as a default for all redistribution (Using the default-metric command saves work because it eliminates the need for defining the metric separately for each redistribution.):
OSPF
This output shows an OSPF router redistributing static, RIP, IGRP, EIGRP routes.
RIP
This output shows a RIP router redistributing static, IGRP, EIGRP, OSPF, and IS-IS routes.
5.IMPLEMENT BGP CONNECTION TO ISPS
Implementing BGP has many benefits: it becomes possible to use multiple ISPs at the same time, augment transit service from an ISP with peering with other networks and isolation from problems in ISP networks. If, when using multiple ISPs, one ISP goes down, most of the time BGP automatically reroutes traffic over the other ISP(s). And if an ISP doesn’t deliver the desired performance, connecting to another one is just a matter of getting the physical connection in place and a few lines in a router configuration—no renumbering of servers and other systems necessary. The existing internal network is usually left running as before, typically using OSPF routing. This makes for a very simple BGP setup, where each router has the requisite filters to make sure only the network’s own IP address block(s) are advertised to the outside world over eBGP (external BGP), an all of one iBGP (internal BGP) session between the two BGP routers.
iBGP with loopback addresses
When a network only has two BGP routers and those routers are connected using a connection that is very unlikely to go down, the most straightforward iBGP setup is to simply configure it much the same as an eBGP session: by using the interface address of the other router as the neighbor address. On a Cisco router, the configuration to use iBGP between loopback addresses would look like this:
!interface Loopback0
ip address 192.0.2.1 255.255.255.255
!router bgp 65000
neighbor ibgp peer-group
neighbor ibgp remote-as 65000
neighbor ibgp update-source Loopback0
neighbor 192.0.2.2 peer-group ibgp
neighbor 192.0.2.3 peer-group ibgp
neighbor 192.0.2.4 peer-group ibgp
6.IMPLEMENT A SOLUTION WHICH AVOIDS YOUR NETWORK BECOMING A TRANSIT HUB FOR BGP EXTERNAL ROUTES
By default BGP will advertise all prefixes to EBGP (external BGP) neighbors. [3] This means that if you are multi-homed (connected to two or more ISPs) like our case that you might become a transit AS. In order to prevent this we’ll have to ensure that EIGRP only advertise prefixes from its own autonomous system [4]. As far as I know there are 4 methods how you can prevent becoming a transit AS:
Filter-list with AS PATH access-list.
No-Export Community.
Prefix-list Filtering
Distribute-list Filtering
Prefix-lists or distribute-lists will work but it’s not a very scalable solution if you have thousands of prefixes in your BGP table. The filter-list and no-export community work very well since you only have to configure them once and it will not matter if new prefixes show up. First we’ll configure BGP on each router:
R1(config)# router bgp 1
R1(config-router)# neighbor 192.168.12.2 remote-as 2
R1(config-router)# neighbor 192.168.13.3 remote-as 3
ISP1(config)# router bgp 2
ISP1(config-router)# neighbor 192.168.12.1 remote-as 1
ISP2(config)# router bgp 3
ISP2(config-router)# neighbor 192.168.13.1 remote-as 1
The commands above will configure EBGP (External BGP) between R1 – ISP1 and R1 – ISP2. To make sure we have something to look at, I’ll advertise the loopback interfaces in BGP on each router:
R1(config)# router bgp 1
R1(config-router)# network 1.1.1.0 mask 255.255.255.0
ISP1(config)# router bgp 2
ISP1(config-router)# network 2.2.2.0 mask 255.255.255.0
ISP2(config)# router bgp 3
ISP2(config-router)# network 3.3.3.0 mask 255.255.255.0
The ISP routers have learned about each other networks and they will use R1 as the next hop. We now have everything in place to play with the different filtering techniques.
Filter-list with AS PATH access-list
Using an filter-list with the AS PATH access-list is probably the most convenient solution. It will ensure that you will always only advertise prefixes from your own autonomous system. Here’s how to do it:
R1(config)# ip as-path access-list 1 permit ^$
R1(config-router)# neighbor 192.168.12.2 filter-list 1 out
R1(config-router)# neighbor 192.168.13.3 filter-list 1 out
No-Export Community
Using the no-export community will also work pretty well. I will configure R1 so that prefixes from the ISP routers will be tagged with the no-export community. This ensures that the prefixes from those routers will be known within AS 1 but won’t be advertised to other routers.
R1(config)# route-map NO-EXPORT
R1(config-route-map)# set community no-export
R1(config)# router bgp 1
R1(config-router)# neighbor 192.168.12.2 route-map NO-EXPORT in
R1(config-router)# neighbor 192.168.13.3 route-map NO-EXPORT in
Prefix-List Filtering
Using a prefix-list we can determine what prefixes are advertised to our BGP neighbors. This works fine but it’s not a good solution to prevent becoming a transit AS. Each time you add new prefixes you’ll have to reconfigure the prefix-list. Anyway let me show you how it works:
R1(config)# ip prefix-list NO-TRANSIT permit 1.1.1.0/24
R1(config-router)# neighbor 192.168.12.2 prefix-list NO-TRANSIT out
R1(config-router)# neighbor 192.168.13.3 prefix-list NO-TRANSIT out
REFERENCES
1.Pankaj Rakheja, Prabhjot Kaur, Anjali Gupta, Aditi Sharma, “Performance Analysis of RIP, OSPF, IGRP and EIGRP Routing Protocols in a Network”. Retrieved on June 18, 2012. Internet:http://research.ijcaonline.org/volume48/number18/pxc3880401.pdf
2.Thorenoor, S. G, “Dynamic Routing Protocol Implementation Decision between EIGRP, OSPF and RIP Based on Technical Background Using OPNET Modeler”. P. 191-195. ISBN:978-1-4244-6962-8. Retrieved on Apr 25, 2010. Internet: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5474509
3.B. Wu, “Simulation Based Performance Analysis on RIPv2, EIGRP and OSPF Using OPNET”. Retrieved on Mar 15, 2013. Internet: http://digitalcommons.uncfsu.edu/cgi/viewcontent.cgi?article=1011&context=macsc_wp
4.Scott M. Ballew, “Managing IP Networks with Cisco Routers”, OREILLY Press. Chapter 5. ISBN: 1-56592-320-0. Published in 1997. Internet: http://phucchau.tran.free.fr/book/O%27Reilly%20-20Managing%20Ip%20Networks%20With%20Cisco%20Routers.pdf
