Here's a config to add a couple new routers to an IBGP mesh. Whoever implements this is about to have a bad night...or at least a very interesting one. Can you find all four mistakes?

router bgp 65432
 neighbor IBGP-ENT peer-group
 neighbor IBGP-ENT remote-as 65499
 neighbor IBGP-ENT description Internal BGP peers - Enterprise WAN
 neighbor IBGP-ENT route-map ENT-WAN-IN in
 neighbor 10.55.3.1 peer-group IBGP-ENT
 neighbor 10.55.3.1 description ent-gw-A.hq
 neighbor 10.55.3.2 peer-group IBGP-ENT
 neighbor 10.55.3.2 description ent-gw-B.hq
!
! accept routes from enterprise network:
route-map ENT-WAN permit 10
 match ip address prefix-list ENT-NETWORKS-HQ
route-map ENT-WAN permit 20
 match ip address prefix-list ENT-NETWORKS-PHILLY
!
! announce routes to ent:
route-map ENT-WAN-OUT permit 10
 match ip address prefix-list ALL-ROUTES
!
! all routes: (from internet)
ip prefix-list ALL-ROUTES seq 10 permit 0.0.0.0/0 le 32
!
! ent net routes:
ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
ip prefix-list ENT-NETWORKS-HQ seq 9999 deny 0.0.0.0/0 le 32
Colorization and syntax highlighting help, but they only find a typo. One mistake down, three to go.
Errors:
Items used before definition:
Missing prefix-list? That's mistake #2. Hold on, wasn't ENT-WAN-IN defined? No, only ENT-WAN was defined. That's mistake #3. And ENT-WAN-OUT is never used. That's four. But can the config be written better? Yes: besides the implementation benefits, defining everything before it's used makes the config easier to read too.
!
! the password is definitely not a vendor name
!
enable password 7 0822455D0A16
!
access-list 10 permit 192.168.0.0
!
route-map CORP-IN permit 10
 match ip address 10
!
Still using a type 7 password? The replacement came out in 2001. Not using prefix-lists either? Do you still say "Class C"? Also find encryption and hash methods that are no longer secure.
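As an added example (not the checker this page describes, nor its output), a small Python linter that catches the two kinds of problem discussed above: route-maps and prefix-lists that are referenced but never defined (or defined but never referenced), and type 7 passwords. It assumes IOS-style syntax and runs over a constructed sample condensed from the snippets above.

```python
import re

# Constructed sample (condensed from the snippets above, not the tool's output).
SAMPLE = """\
router bgp 65432
 neighbor IBGP-ENT peer-group
 neighbor IBGP-ENT remote-as 65499
 neighbor IBGP-ENT route-map ENT-WAN-IN in
route-map ENT-WAN permit 10
 match ip address prefix-list ENT-NETWORKS-HQ
route-map ENT-WAN permit 20
 match ip address prefix-list ENT-NETWORKS-PHILLY
route-map ENT-WAN-OUT permit 10
 match ip address prefix-list ALL-ROUTES
ip prefix-list ALL-ROUTES seq 10 permit 0.0.0.0/0 le 32
ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
enable password 7 0822455D0A16
"""

# Where each object kind is defined, and where it is referenced.
DEF_RE = {
    "route-map": re.compile(r"^route-map (\S+)"),
    "prefix-list": re.compile(r"^ip prefix-list (\S+)"),
}
USE_RE = {
    "route-map": re.compile(r"^\s*neighbor \S+ route-map (\S+) (?:in|out)$"),
    "prefix-list": re.compile(r"^\s*match ip address prefix-list (\S+)"),
}

def lint(config: str) -> dict:
    """Return undefined/unused (kind, name) pairs and the line numbers
    of type 7 (reversibly obfuscated) passwords in an IOS-style config."""
    defined = {kind: set() for kind in DEF_RE}
    used = {kind: set() for kind in USE_RE}
    weak = []
    for lineno, line in enumerate(config.splitlines(), 1):
        if line.lstrip().startswith("!"):
            continue  # comment or separator line
        for kind in DEF_RE:
            if m := DEF_RE[kind].match(line):
                defined[kind].add(m.group(1))
            if m := USE_RE[kind].match(line):
                used[kind].add(m.group(1))
        if re.search(r"\bpassword 7 \S+", line):
            weak.append(lineno)
    # Referenced-but-undefined is the "bad night" error; defined-but-unreferenced hints at a typo.
    undefined = sorted((k, n) for k in used for n in used[k] - defined[k])
    unused = sorted((k, n) for k in defined for n in defined[k] - used[k])
    return {"undefined": undefined, "unused": unused, "weak_secrets": weak}
```

On the sample this reports ENT-NETWORKS-PHILLY and ENT-WAN-IN as undefined, ENT-WAN and ENT-WAN-OUT as unused, and the type 7 line; it checks existence, not ordering, so a definition placed after its first use is still accepted.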