IPV6 BGP and Neighbor Discovery

Similar Messages

• E4200 - IPv6 Neighbor Discovery

  Hi,
  I am currently developping an embedded IPv6 stack and I needed to get an IPv6 compatible router to perform different tests. I purchased an E4200 router, knowing that the latest firmware includes Native IPv6 support. On Cisco blog, I read that the router should now support RFC6204:
  "While many of the base IPv6 specifications have been available for years, the IETF published RFC 6204 which defines the basic requirements for an IPv6 home router as recently as April 2011. IP is one of the most important protocols to the Internet, and IPv6 is the biggest change in IP in over 30 years. We want to be careful that the implementations we ship work well and adhere to the latest standards so that we do not hinder the adoption of IPv6 by content providers and ISPs."
  Source: http://blogs.cisco.com/consumer/linksys-e4200-wireless-router-supports-ipv6/
  My first test step involved the Neighbor Discovery Protocol and RFC6204 clearly states the following:
  "The IPv6 CE router MUST support router behavior according Neighbor Discovery for IPv6 [RFC4861]"
  My first question is the following: Is it normal that I  don't see any 'Router Advertisement' messages send by the router? According to RFC4861, it is not.
  It must day that my ISP doesn't support IPv6 so it doesn't assign a global IPv6 address to my router. However, I only require to have a link-local IPv6 link (at least for now). Can it explain why the router doesn't send periodic "Router Advertisement" messages?
  Second, the router correcty responds to my "Neighbor Solicitation" messages when I try to ping the link-local address. But
  it is not responding to my "Router Solicitation" messages. It's also conflicting with RFC4861.
  Does someone know what is going on with Neighbor Discovery on that router? I will appreciate any comments & replies.
  Many thanks!

  Many thanks for you input. We decided to return the consumer router and we purchased a CISCO 881. The IOS software is much more flexible and it actually do what we want.
  IPv6 experts are not easy to find so if you don't mind, I would have another question on a behavior I observed recently with our CISCO 881 router.
  I implemented the ICMPv6 echo request functionnality and it works fine when I try to reach different hosts on my network.
  However,  I also tested it by using the link-local IP address of my router as the target. First, my stack sends a Neighbor Solicitation message (using IPv6-MCAST dest MAC address) to resolve the router IP address (assuming it is not yet on the router list) . The router reply back with a Neighbor Advertisement message, but does not includes the 'Target link-layer address' option into its message.
  However, according the the RFC4861 (page 25),  in Neighbor Advertisement messages, the Target link-layer address "option MUST be included on link layers that have addresses when responding to multicast solicitations."
  It looks like a bad implementation; I was expecting the Neighbor Advertisement message, even if sent by a router, to include the Target link-layer option when responding to my multicast Neighbor Solicitation. Do you agree with that?
  Simon

• IPv6 - Turn Off Router Discovery

  I have a Cisco AP 1262 running 15.2.4-JA1 which has IPv6 support.
  I want to leave IPv6 neighbor discovery on but I want to disable router discovery so I can manually specify what default gateway to use.
  You can do this on windows:
  netsh inter ipv6 set interface XX routerdiscovery=disabled
  I can't seem to find the command in IOS.
  Thanks.

  On the contrary,
  It seems my 1262 AP is doing this by default.
  I did nothing but assign an IPv6 address to my AP and it was able to ping IPv6 Internet.
  interface BVI1
  ip address XXX.XXX.1.250 255.255.255.0
  no ip route-cache
  ipv6 address XXXX:XXXX:XXXX:1:FFFF:FFFF:FFFF:FFFA/64
  ipv6 enable
  ap#show ipv6 inter bvi1
  BVI1 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::462B:3FF:FE91:XXXX
    No Virtual link-local address(es):
    Global unicast address(es):
      XXXX:XXXX:XXXX:1:FFFF:FFFF:FFFF:FFFA, subnet is XXXX:XXXX:XXXX:1::/64
    Joined group address(es):
      FF02::1
      FF02::1:FF91:3C8D
      FF02::1:FFFF:FFFA
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ICMP unreachables are sent
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds (using 30000)
    ND NS retransmit interval is 1000 milliseconds
    Default router is FE80::C2EA:E4FF:FE09:XXXX on BVI1

• IPv6 BGP prefix-list filtering

  Dears,
  I have  established iBGP seesion between 2 routers (R1 ---- R2) and I want to  advertise loopback interface /128 using ipv prifex filtering, but didnt  advertise to neighbor loopback . it is working fine with network or redistribute command but I want to know why it is not working with
  prefix-list filtering?
  Configuration:
  router bgp 100
  neighbor 2001:100:1:1::2 remote-as 100
  address-family ipv6
  neighbor 2001:100:1:1::2 activate
  neighbor 2001:100:1:1::2 prefix-list IPV6 out
  no synchronization
  exit-address-family
  int lo 100
  ipv address 2001:500:1:1::1/128
  ipv6 prefix-list IPV6 seq 10 permit 2001:500:1:1::1/128
  router bgp 100
  neighbor 2001:100:1:1::1 remote-as 100
  address-family ipv6
  neighbor 2001:100:1:1::1 activate
  neighbor 2001:100:1:1::1 prefix-list TEST out
  no synchronization
  exit-address-family
  int lo 100
  ipv address 2001:600:1:1::1/128
  ipv6 prefix-list TEST seq 10 permit 2001:600:1:1::1/128
  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  2001:100:1:1::1 4 100   49236   49191        5    0    0 04:03:21        0

  Even though you're using a prefix list, the prefix list is used for filtering and not advertising the network. You still have to advertise the network using "network 2001:600:1:1::1/128" and you should see it.
  HTH,
  John
  *** Please rate all useful posts ***

• Advertising ipv4 routes via ipv6 bgp peers

  Hello,
  I have established IPV6 bgp sessions with ipv6 prefix-list filter. But ipv4 routes were advertised over this bgp session. Do I I need special configuration under address family or ipv4 prefix-list filters required ?
  Note : the config was  IBGP between 7200 routers and 6509 core switches.
  Thank you all
  Nael

  Hi Nael,
  This is because address-family ipv4 unicast gets activated by default when you configure a new neighbor in BGP. You either need to configure "no bgp default ipv4-unicast" or go under address-family ipv4 unicast and do a "no neighbor" for the ipv6 neighbor.
  Hope this helps

• MP-BGP and MPLS multipath load sharing

  Hi,
  I am trying to PoC MPLS multi path load sharing by using per-PE-per-VRF RDs in the network.
  I have a simple lab setup with AS65000 which consists of SITE1 PE1&PE2 routers (10.250.0.101 and 10.250.0.102), route reflector RR in the middle (10.250.0.55) and SITE2 PE1&PE2 routers (10.250.0.201 and 10.250.0.202). PE routers only do iBGP peering with centralized route reflector and passing route to 10.1.1.0/24 prefix (learned from single CE router) with 100:1 and 100:2 RDs for specific VRF.
  Route reflector gets routes with multiple RDs, makes copies of these routes in order to make local comparison to RD 55:55 configured, uses these routes and install multiple paths into its routing table (all PE routers and RR have "maximum-paths eibgp 4" configured):
  RR#sh ip bgp vpnv4 all
  BGP table version is 7, local router ID is 10.250.0.55
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 55:55 (default for vrf VRF-A) VRF Router ID 10.250.0.55
  * i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
  *>i                 10.250.0.101             0    100      0 65001 i
  Route Distinguisher: 100:1
  *>i10.1.1.0/24      10.250.0.101             0    100      0 65001 i
  Route Distinguisher: 100:2
  *>i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
  RR#sh ip route vrf VRF-A
  <output omitted>
       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  B       10.1.1.0/24 [200/0] via 10.250.0.102, 00:45:52
                            [200/0] via 10.250.0.101, 00:46:22
  BUT, for some reason RR doest reflects routes with multiple RDs down to SITE2 PE1&PE2 - its own clients:
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.201 advertised-routes
  Total number of prefixes 0
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.202 advertised-routes
  Total number of prefixes 0
  Here comes RR BGP configuration:
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.55
  bgp cluster-id 1.1.1.1
  bgp log-neighbor-changes
  neighbor 10.250.0.101 remote-as 65000
  neighbor 10.250.0.101 update-source Loopback0
  neighbor 10.250.0.101 route-reflector-client
  neighbor 10.250.0.101 soft-reconfiguration inbound
  neighbor 10.250.0.102 remote-as 65000
  neighbor 10.250.0.102 update-source Loopback0
  neighbor 10.250.0.102 route-reflector-client
  neighbor 10.250.0.102 soft-reconfiguration inbound
  neighbor 10.250.0.201 remote-as 65000
  neighbor 10.250.0.201 update-source Loopback0
  neighbor 10.250.0.201 route-reflector-client
  neighbor 10.250.0.201 soft-reconfiguration inbound
  neighbor 10.250.0.202 remote-as 65000
  neighbor 10.250.0.202 update-source Loopback0
  neighbor 10.250.0.202 route-reflector-client
  neighbor 10.250.0.202 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.101 activate
    neighbor 10.250.0.101 send-community both
    neighbor 10.250.0.102 activate
    neighbor 10.250.0.102 send-community both
    neighbor 10.250.0.201 activate
    neighbor 10.250.0.201 send-community both
    neighbor 10.250.0.202 activate
    neighbor 10.250.0.202 send-community both
  exit-address-family
  address-family ipv4 vrf VRF-A
    maximum-paths eibgp 4
    no synchronization
    bgp router-id 10.250.0.55
    network 10.255.1.1 mask 255.255.255.255
  exit-address-family
  SITE1 PE1 configuration:
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.101
  bgp log-neighbor-changes
  neighbor 10.250.0.55 remote-as 65000
  neighbor 10.250.0.55 update-source Loopback0
  neighbor 10.250.0.55 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.55 activate
    neighbor 10.250.0.55 send-community both
  exit-address-family
  address-family ipv4 vrf VRF-A
    neighbor 10.1.101.2 remote-as 65001
    neighbor 10.1.101.2 activate
    neighbor 10.1.101.2 soft-reconfiguration inbound
    maximum-paths eibgp 4
    no synchronization
    bgp router-id 10.250.0.101
  exit-address-family
  SITE1 PE2 configuration is similar to SITE1 PE1. They both do eBGP peering with dualhomed CE router in AS65001 which announces 10.1.1.0/24 prefix into VRF-A table.
  My question is: clearly, the issue is that RR doesn't reflect any routes to its clients (SITE2 PE1&PE2) for 10.1.1.0/24 prefix with 100:1 and 100:2 RDs that dont match it's locally configured RD 55:55 for VRF-A, although they are present in its BGP/RIB tables and used for multipathing. Is this an expected behavior or some feature limitation for specific platform or IOS version? Currently, in this test lab setup I run IOS 12.4(24)T8 on all the devices.
  Please, let me know if any further details are needed to get an idea of why this well known and widely used feature is not working correctly in my case. Thanks a lot!
  Regards,
  Sergey

  Hi Ashish,
  I tried to remove VRF and address family configurations completely from RR.
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.55
  bgp cluster-id 1.1.1.1
  bgp log-neighbor-changes
  neighbor 10.250.0.101 remote-as 65000
  neighbor 10.250.0.101 update-source Loopback0
  neighbor 10.250.0.101 route-reflector-client
  neighbor 10.250.0.101 soft-reconfiguration inbound
  neighbor 10.250.0.102 remote-as 65000
  neighbor 10.250.0.102 update-source Loopback0
  neighbor 10.250.0.102 route-reflector-client
  neighbor 10.250.0.102 soft-reconfiguration inbound
  neighbor 10.250.0.201 remote-as 65000
  neighbor 10.250.0.201 update-source Loopback0
  neighbor 10.250.0.201 route-reflector-client
  neighbor 10.250.0.201 soft-reconfiguration inbound
  neighbor 10.250.0.202 remote-as 65000
  neighbor 10.250.0.202 update-source Loopback0
  neighbor 10.250.0.202 route-reflector-client
  neighbor 10.250.0.202 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.101 activate
    neighbor 10.250.0.101 send-community both
    neighbor 10.250.0.102 activate
    neighbor 10.250.0.102 send-community both
    neighbor 10.250.0.201 activate
    neighbor 10.250.0.201 send-community both
    neighbor 10.250.0.202 activate
    neighbor 10.250.0.202 send-community both
  exit-address-family
  After this, RR doesn't accept any routes at all from S1PE1&S1PE2 routers, thus not reflecting any routes down to its clients S2PE1&S2PE2 as well:
  S1PE1#sh ip bgp vpnv4 all
  BGP table version is 6, local router ID is 10.250.0.101
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
  *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
  S1PE1#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
  BGP table version is 6, local router ID is 10.250.0.101
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
  *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
  Total number of prefixes 1
  S1PE2#sh ip bgp vpnv4 all
  BGP table version is 6, local router ID is 10.250.0.102
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
  *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
  S1PE2#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
  BGP table version is 6, local router ID is 10.250.0.102
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
  *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
  Total number of prefixes 1
  RR#sh ip bgp vpnv4 all
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.101 routes
  Total number of prefixes 0
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.102 routes
  Total number of prefixes 0
  Any feedback is appreciated. Thanks.
  Regards,
  Sergey

• LWAPP Neighbor discovery

  I'm trying to understand the LWAPP neighbor discovery mechanism. Specifically:
  - What packets are used for this purpose (e.g. beacons, dedicated msgs, etc.)?
  - What modulation/power level is used for above packets?
  - What is the lowest power level an AP can measure for "g" and "a"?
  - What is the lowest power level that may affect controller decisions?

  The WLCs and LAPs use the discovery request LWAPP packets to find the controllers and join request packets to register with the controllers.

• MP-BGP and MPLS

  Hello all,
  I've been experimenting recently with MP-BGP and MPLS. I have no issues with how it works and how to implement and have a fully working lab however I am wondering whether there is a solution that exists in order to create a full mesh without on every PE router having to specify the IP address of every other PE router in the VPNv4 configuration. So the ideal scenario would be that i could add another site to my MPLS which will receive all routes from every other site without updating any configuration at any other site.
  Thanks

  Hi Mathew,
  You can choose P1 or P2 as RR and configure a single MP-BGP session from PE devices to RR. Any new PE that you want to include will need configuraion changes on RR and the new PE alone. You dont need to add configuration on other exisitng PEs.
  You can also play around with bgp dynamic neighbor to further reduce the configuration. But I ahvent used it myself and not sure if VPNv4 is supported.
  -Nagendra

• BGP and MP-BGP

  What is difference between BGP and MP-BGP? and what is the exact application of both?

  Multiprotocol Extensions for BGP (MBGP), sometimes referred to as Multiprotocol BGP or Multicast BGP and defined in IETF RFC 4760, is an extension to Border Gateway Protocol that allows different types of addresses (known as address families) to be distributed in parallel. Whereas standard BGP supports only IPv4 unicast addresses, Multiprotocol BGP supports IPv4 and IPv6 addresses and it supports unicast and multicast variants of each. Multiprotocol BGP allows information about the topology of IP Multicast-capable routers to be exchanged separately from the topology of normal IPv4 unicast routers. Thus, it allows a multicast routing topology different from the unicast routing topology. Although MBGP enables the exchange of inter-domain multicast routing information, other protocols such as the Protocol Independent Multicast family are needed to build trees and forward multicast traffic.
  Multiprotocol BGP is also widely deployed in case of MPLS L3 VPN, to exchange VPN labels learned for the routes from the customer sites over the MPLS network, in order to distinguish between different customer sites when the traffic from the other customer sites comes to the PE router for routing.

• Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty

  Hi
  actually we tried to make a neigborhood between ASR9000 and Cisco 7600, we have the neigborhood active but on routing tables from ASR only have the networks locals or connected doesn´t learn anything from BGP 7600
  the diagram is this:
  When try to know the routes on ASR9000 from Cisco 7609 happen the follow
  the neighbor is UP from Cisco 7600 and ASR 9000 but the routing table is empty.
  the config on cisco 7600 is:
  router bgp 2006
  neighbor 172.16.14.6 remote-as 64512
  address-family ipv4
  neighbor 172.16.14.6 activate
  the config on cisco ASR9000 is:
  router bgp 64512
  bgp router-id 172.16.161.1
  address-family ipv4 unicast
  neighbor 172.16.14.5
    remote-as 2006
    address-family ipv4 unicast
  Help us
  Best Regards

  Another important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
  Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
  If not the case, get us the XR config from the A9K side.
  Also what does the bgp table on teh IOS side look like? as Richard suggests, there doesnt seem to be anything injected by the 7600 itself.
  regards
  xander
  Xander Thuijs
  Principal Engineer CCIE#6775, ASR9000

• Inbound IPV6 BGP Filterlists for ISP

  Hi people,
  I work for an company that is a tier2 ISP, we get full table transit from two tier 1 providers, we have recently gone with dual stack IPV4/6 and have the IPV6 BGP connection up from the teir1's but have no idea what to use for inbound prefix list filters.
  Can anyone give me a current upto date IPv6 prefix list we can use to filter out potential troublesome traffic from upstream?
  Many thanks.

  Hi Matthew,
  You might want to start with the Team CYMRU website. There are some excellent reference on that site about ipv4 and ipv6 filtering. They have been maintaning the ipv4 bogon list for many years and are considered a reference in the ISP community.
  http://www.team-cymru.org/ReadingRoom/Templates/IPv6Routers/
  Regards

• MP-BGP and Route-Reflector

  Hi All...
  I have this topology:
  CE2-->PE1-->P--->PE2-->CE2
  .............\-->PE3-->CE2
  In router "P" I want to configure MP-BGP, but I have many doubts with configurations this router. I need to do route-reflector too.
  Anybody can help me?
  CLRGomes

  Thanks, look my configuration:
  Router P
  router bgp 65500
  no synchronization
  no bgp default route-target filter
  bgp log-neighbor-changes
  neighbor MPLS peer-group
  neighbor MPLS remote-as 65500
  neighbor MPLS ebgp-multihop 255
  neighbor MPLS update-source Loopback0
  neighbor MPLS route-reflector-client
  neighbor MPLS allowas-in
  neighbor MPLS soft-reconfiguration inbound
  neighbor 10.10.10.2 peer-group MPLS
  neighbor 10.10.10.3 peer-group MPLS
  neighbor 10.10.10.4 peer-group MPLS
  no auto-summary
  address-family vpnv4
  neighbor MPLS route-reflector-client
  neighbor MPLS send-community both
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.3 activate
  neighbor 10.10.10.4 activate
  exit-address-family
  ok...working perfect, I did MP-BGP between PE routers and I configured RDs differents too...
  Later I did between PE->CE with OSPF and working too, loadshare working.
  Thanks a lot
  CLRGomes
  CCIE R&S

• BGP and ASA NAT

  Hello Everyone,
  I have a need to multihome out two MAN links to the same ISP. The two links will connect via an ISR and will participate in an eBGP adjacency. On the internal side, iBGP will be used to create the alternate default route to the ISP. Each of the ISR’s downstream ports participates on the same Ethernet subnet. On the same subnet/broadcast domain, there are two ASA5510 appliances that will use HSRP to advertise the public IPv4 addresses and will NAT them into the private network.
  My question is, since the ASAs do not participate in BGP, and since we are going to NAT the traffic eliminating the need to use a route map to inject the default route into the downstream EIGRP network, would I simply build a static default route in the ASAs out the upsteam interfaces?  My initial thought is to not worry about recursive lookups because they are connected via Ethernet.
  ip route 0.0.0.0 0.0.0.0 fa0/0; and so on.
  I’ve attached a simple topology for reference.
  Thanks…Matt

  Yes Jcarvaja, HSRP is not a feature on the ASAs, and yes HSRP is difficult to setup natively to support active/active load balancing on any device. That's not really the point though is it. FHRP's are typically used for distribution switches and finely tuned to access layer 2 and layer 3 convergence, unless using GLBP (and even then should be considered). My mistake for using the term HSRP and thank you for pointing it out.
  As for the iBGP links, they represent the same subnet as I mentioned. The cat switches are there to facilitate physical restraints as each pair of ISRs and ASAs are two miles apart. Since the ASA's are performing NAT, they don't really participate in the BGP network and there is no need or capability to inject the BGP default route into the EIGRP network. They will participate in the downstream EIGRP network. If the MAN connection on one ISR goes down, then the iBGP route to the Internet will be graduated. I guess I could have indicated on the drawing that these were all a part of the same subnet. 
  How do I configure the ASA's static default route? Wouldn't I be able to inject  a static default route in each ASA using the ASA's outside interface when using active/active? If I have to, I could see if we can use EIGRP on the network upstream of the ASAs if there is no other way of doing this, but this is not preferred.
  Any help you can provide is greatly appreciated. 
  Thank you...Matt

• BGP and QOS

  Hi all, I need to apply QoS to control the traffic, I have a group of routers that are using BGP as routing protocol.
  Is it possible to apply QoS LLQ if I'm using BGP?
  It would be great if you can share an example.
  Thanks a lot
  David.

  Hi Joshep, thanks a lot for your answer.
  I'm trying to use QoS features (LLQ) in a network that is using BGP.
  For testing purpose, I want to control the http traffic to 100 Kbps, but when I apply this configuration I see that the http traffic is higher than 100 Kbps.
  Is there any difference with QPPB (QoS Policy Propagation via BGP)?
  ** QOS CONFIGURATION
  class-map match-all DATA
   match access-group 101
  policy-map QoS
   class DATA
   bandwidth 100
   class class-default
    fair-queue
    set ip precedence 0
  access-list 101 permit tcp 10.3.1.0 0.0.0.255 host 10.3.10.20 eq www
  ** BGP CONFIGURATION
  interface GigabitEthernet0/0
   description ***WAN***
   bandwidth 8000
   ip address 10.208.243.210 255.255.255.252
   ip pim sparse-dense-mode
   ip flow ingress
   ip flow egress
   load-interval 30
   duplex full
   speed 100
   service-policy output QoS
  router bgp 64789
   bgp log-neighbor-changes
   network 10.3.1.0 mask 255.255.255.0
   network 10.3.200.0 mask 255.255.255.0
   network 10.3.201.0 mask 255.255.255.0
   network 10.3.202.0 mask 255.255.255.0
   network 10.3.203.0 mask 255.255.255.0
   network 10.3.204.0 mask 255.255.255.0
   network 10.3.205.0 mask 255.255.255.0
   network 10.3.206.0 mask 255.255.255.0
   network 10.3.207.0 mask 255.255.255.0
   neighbor 10.208.243.209 remote-as 6147
   neighbor 10.208.243.209 update-source GigabitEthernet0/0
   neighbor 10.208.243.209 default-originate
   neighbor 10.208.243.209 soft-reconfiguration inbound
  Thanks again.
  David

• BGP and VPN

  Hi,
  We need to setup BGP network at our branch office so i wanted some of your opinions. Here is what I’m looking to setup.

  Here is what I’m looking to setup.
  2 Bandwidth providers FastE 10/100 with 4mb commit on both (multi-home)BGP.
  Routing a /27
  Usage is VPN ( 5 tunnels)and HTTP inbound and out.
  I would say a constant 30mb usage 24/7
  Not looking to go beyond 2 ISP and or 10/100
  1. How about a single  2821 Sec/K9 with 256 RAM for the route tables.
  2. Two 2811's, one 2811 with 256 RAM for the BGP and another 2811 Sec/K9 with 256 RAM for VPN.
  3. One 2811/2821 with 256 RAM for the BGP and another ASA for VPN