Cisco CCNP BSCI Exam Tutorial Filtering BGP Updates With Prefix Lists

March 26th, 2008

A major part of your BSCI and CCNP exam success is mastering BGP, and that includes filtering BGP routing updates. In this tutorial, we’ll take a look at how to filter BGP updates with prefix lists.

R4 is advertising three networks via BGP. The downstream router R3 sees these routes and places them into its BGP table as shown below. R3 has two downstream BGP peers, R1 and R2, and is advertising itself as the next-hop IP address for all BGP routes sent to those two routers.

R4(config)#router bgp 4

R4(config-router)#network 21.0.0.0 mask 255.0.0.0

R4(config-router)#network 22.0.0.0 mask 255.0.0.0

R4(config-router)#network 23.0.0.0 mask 255.0.0.0

R3#show ip bgp

BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 21.0.0.0         10.2.2.4                 0             0 4 i
*> 22.0.0.0         10.2.2.4                 0             0 4 i
*> 23.0.0.0         10.2.2.4                 0             0 4 i

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.1 next-hop-self

R3(config-router)#neighbor 172.12.123.2 next-hop-self

In turn, both R1 and R2 have these three routes in their respective BGP tables.

R2#show ip bgp

BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i
*>i22.0.0.0         172.12.123.3             0    100      0 4 i
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

R1#show ip bgp

BGP table version is 4, local router ID is 19.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i
*>i22.0.0.0         172.12.123.3             0    100      0 4 i
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

If we wanted R3 to receive all three of these routes from R4 but not advertise all of them to R2 and R1, we’ve got a couple of options on how to block these routes. Cisco’s recommendation is the use of prefix-lists, and once you get used to the syntax (which you should do before taking and passing the BSCI), you’ll see they are actually easier to use than access-lists.

In this case, we’re going to configure R3 to send only the route to 21.0.0.0 to R1 and 23.0.0.0 to R2. However, we do want these two routers to get any future routes that R4 advertises into BGP.

Since R1 and R2 will learn about these routes from an iBGP neighbor, they will not advertise the routes to each other.

On R3, we’ll write a prefix-list that denies 22.0.0.0/8 and 23.0.0.0/8, but permits all other routes. After applying the prefix list as shown, R1 sees only the 21.0.0.0/8 route.

R3(config)#ip prefix-list FILTER_R1 deny 22.0.0.0/8

R3(config)#ip prefix-list FILTER_R1 deny 23.0.0.0/8

R3(config)#ip prefix-list FILTER_R1 permit 0.0.0.0/0 le 32

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.1 prefix-list FILTER_R1 out

R3#clear ip bgp * soft

R1#show ip bgp

BGP table version is 6, local router ID is 19.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i

The paths to 22.0.0.0/8 and 23.0.0.0/8 have been successfully filtered.

We’ll do the same for R2, except the route not being expressly blocked is 23.0.0.0/8. The line “ip prefix-list permit 0.0.0.0/0 le 32” is the prefix list equivalent of a “permit any” statement in an ACL.

R3(config)#ip prefix-list FILTER_R2 deny 21.0.0.0/8

R3(config)#ip prefix-list FILTER_R2 deny 22.0.0.0/8

R3(config)#ip prefix-list FILTER_R2 permit 0.0.0.0/0 le 32

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.2 prefix-list FILTER_R2 out

R3#clear ip bgp * soft

R2#show ip bgp

BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

The paths to 21.0.0.0/8 and 22.0.0.0/8 have been successfully filtered.

To see the prefix lists configured on a router as well as the order of the statements in each list, run show ip prefix-list.

R3#show ip prefix-list

ip prefix-list FILTER_R1: 3 entries
   seq 5 deny 22.0.0.0/8
   seq 10 deny 23.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32

ip prefix-list FILTER_R2: 3 entries
   seq 5 deny 21.0.0.0/8
   seq 10 deny 22.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32
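
The first-match evaluation behind FILTER_R1 and FILTER_R2, as an added Python example (not part of the original tutorial and not Cisco code). It models an entry as matching one exact prefix length unless ge/le widen the range, with the implicit deny at the end of the list; the NO_LE list and the 24.0.0.0/8 and 22.1.0.0/16 routes are constructed inputs.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]' (show ip prefix-list form)."""
    tok = line.split()
    net = ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    if not opts:                       # no ge/le: the length must match exactly
        lo = hi = net.prefixlen
    else:                              # ge/le widen the accepted length range
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return int(tok[1]), tok[2], net, lo, hi

def evaluate(entries, route):
    """Return 'permit' or 'deny'; the lowest-numbered matching entry wins."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"                      # implicit deny ends every prefix list

def advertised(entries, routes):
    """Routes that survive an outbound prefix-list."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

# The two lists exactly as the tutorial configures them on R3.
FILTER_R1 = [parse_entry(l) for l in (
    "seq 5 deny 22.0.0.0/8", "seq 10 deny 23.0.0.0/8",
    "seq 15 permit 0.0.0.0/0 le 32")]
FILTER_R2 = [parse_entry(l) for l in (
    "seq 5 deny 21.0.0.0/8", "seq 10 deny 22.0.0.0/8",
    "seq 15 permit 0.0.0.0/0 le 32")]
# Same as FILTER_R1 but with 'le 32' left off the last entry (constructed variant).
NO_LE = FILTER_R1[:2] + [parse_entry("seq 15 permit 0.0.0.0/0")]

R4_ROUTES = ["21.0.0.0/8", "22.0.0.0/8", "23.0.0.0/8"]

if __name__ == "__main__":
    print("to R1:", advertised(FILTER_R1, R4_ROUTES))
    print("to R2:", advertised(FILTER_R2, R4_ROUTES))
    # Constructed inputs: a future R4 network and a more-specific inside 22.0.0.0/8.
    print("24.0.0.0/8 to R1:", evaluate(FILTER_R1, "24.0.0.0/8"))
    print("22.1.0.0/16 to R1:", evaluate(FILTER_R1, "22.1.0.0/16"))
    print("without le 32:", advertised(NO_LE, R4_ROUTES))
```

The 22.1.0.0/16 result is the practical caveat: deny 22.0.0.0/8 matches only the /8 itself, so a more-specific route inside that block would still be permitted by the final entry unless the deny line also carries le 32.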

Get some hands-on practice with prefix lists and you’ll quickly master them. Prefix lists are an essential part of working with BGP in the exam room and production networks, so it’s vital that you are comfortable working with them.

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.

For a FREE copy of his latest e-books, “How To Pass The CCNA” and “How To Pass The CCNP”, just visit the website! You can also get FREE CCNA and CCNP exam questions every day! Pass the CCNP exam with The Bryant Advantage!


Windows XP Genuine Disadvantage

March 19th, 2008

Windows Genuine Advantage (WGA), Microsoft’s latest antipiracy measure, is causing headaches for Windows XP users who’ve been good about loading the latest security patches for Windows and Internet Explorer (IE). Why? Two reasons:

(1) Initial attempts to download and use WGA may give you an incorrect error message stating that valid product keys for your genuine version of Windows XP are invalid. It’s not surprising that an earlier version of WGA was hacked within 24 hours. Computer technicians everywhere were faced with another update to Windows software requiring they either troubleshoot the problem or find a way around it. Thus, another hack was born. Why does WGA initially report that valid product keys are invalid? Basically, because it’s encountering a problem it doesn’t know how to report differently. The problem is:

(2) You need to re-enable ActiveX for WGA to run. ActiveX is a purely Microsoft technology that integrates interactive content on web pages, like Java applets. WGA can’t run without ActiveX. Unfortunately, ActiveX has been abused by hackers who discovered vulnerabilities in the technology and use them to run their own malicious code on your computer. As a result, one of the Windows updates you ran in the not so distant past turned off ActiveX to block this vulnerability. There’s the catch: You can’t run Windows Update until you verify your license with WGA, which won’t run until you re-enable ActiveX and lower your browser’s security so you can load new security patches! Good thinking!

Microsoft’s support page (in typical “microspeak”) does warn you that you are potentially exposing your system and that you will want to re-enable your browser’s security after you help Microsoft make sure you aren’t stealing Windows:

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Translation:

CYA We designed WGA to run off of ActiveX technology, software components we know will make your computer vulnerable to attacks because we wrote ActiveX (that’s right, we created it) and left a lot of holes in it that could be exploited. Basically, you’ll need to re-enable ActiveX and make your system vulnerable so that WGA will work the way we designed it to work. Then and only then can you get the latest Windows updates to make your system run, um, “safer.” But first we recommend that you decide for yourself that you really need to run WGA, so that you can’t come back and blame us if your computer is attacked by a virus while you’re running WGA to verify your license, which we also made you verify when you bought your computer, which of course came with Windows because we own 99% of the market (tee hee). But anyway, we like to see you jump through hoops and make you repeatedly prove you own it because Microsoft is “antitrust.” Oh, and when you’re done, don’t forget to make your system, um, “safe” again by turning on whatever you use to block ActiveX or load our update WGA ActiveX control, which is basically just a switch that turns ActiveX on and off whenever we feel like exposing your system to more security risks so you can load more security patches that will work until someone figures out they don’t.

The earlier version of WGA was compromised and I expect that the current version will be too, if it hasn’t already. As usual, tech savvy people get around measures designed to protect copyright, and less tech savvy people are left pulling out their hair trying to figure out ways to change what Windows does for programs to “operate as they are designed to.” Microsoft continues to prove it needs better designers. They can’t seem to get away from ActiveX though other programs do just fine without it. (Mozilla Firefox doesn’t use ActiveX to enable web page interactivity. That doesn’t mean it’s 100% safe, but I’ve never had to lower security to use Firefox.)

Microsoft needs to get rid of WGA. It’s completely ridiculous to have to lower security to run patches designed to enhance security; and in this case Microsoft wants you to do that all for their benefit, not yours. Microsoft argues software piracy is costly for everyone and so antipiracy measures help you. That may or may not be true, but it’s not the point. WGA is simply a bad antipiracy measure. It’s a backdoor approach that won’t stop or even slow down piracy. Both genuine and counterfeit versions of Windows will still run without the updates, which means:

  • Users who know they have a counterfeit version won’t validate, won’t run the updates and will still enjoy the use of Windows;
  • Users with a counterfeit version they unknowingly purchased through a crooked OEM vendor, online sale or software pirate will simply think Windows is broken, will forego further updates, forever curse Microsoft, and maybe buy a Mac. At any rate, very few will ever realize they have a counterfeit version and are unlikely to add to Microsoft’s bloated profit margin; and
  • Licensed users with the genuine product and valid product keys will continue to have to prove ownership if they want to run necessary updates and will have to spend more time and money troubleshooting what Microsoft does to protect its own interests, will forever curse Microsoft, and eventually buy a Mac.

Antipiracy measures have to be applied at the source, not at the user end. Microsoft may get better results through more controlled production of its software products at the assembly line. However, the company has been greedy. When you rush to market with a product you want to make as widely available as possible, you take shortcuts. Now Microsoft is backpedaling in an attempt to recoup its perceived losses. It’s being shortsighted and selfish and may well lose money in the process. By implementing WGA and other user-end antipiracy measures, Microsoft does little to change software piracy and increasingly antagonizes its paying customers.

Imagine driving down the street in your car and being pulled over every other block so you can show your car title. “Yes, I own it. Yes, I own it. Yes, I own it.” Microsoft rolls out updates on the second Tuesday of each month as needed. So, pretty much every second Tuesday of every month you have to lower your Internet security just so you can say, “yes, I own it.”

N. Saco

N. Saco is a writer and creator of several information web sites, including WomensWebWatch.Com and WetwareSolutions.Com. Her blog is located at InternetExplorerBlog.Com and a copy of this article can be found there. She has a degree in Communications, concentrating in critical analysis, a minor in social anthropology, and 20 years experience in research, writing and investigation, primarily in medical litigation support. [This article may be freely distributed at no charge to your readers along with the author’s bio and web links. Copyright 2006 Nikki Saco. All other rights reserved.]
