OSPF

- Is a Link state protocol, Router will announce state of the links to other
neighbors.
- The Neighbor Router propagates links to other Routers as it is.
- It works differently according to interface link type. It is intelligent

OSPF NEIGHBORSHIP
-----------------

OSPF State Hello Packet

2) Init State
Interface, 1) Down State R1
--------------------------------------> R2 Neighbor - 1.1.1.1 "Not
Confirmed"
Src:10.1.1.1,
Dst:224.0.0.5, TTL=1
Router ID: 1.1.1.1

3)2-Way State R1
<-------------------------------------- R2
Net: 2.2.2.2 Src:10.1.1.2,
Dst:224.0.0.5, TTL=1
Router ID: 2.2.2.2
Active Neighbor: 1.1.1.1

R1
-------------------------------------->R2 3) 2-Way State
Route ID : 1.1.1.1
Neighbor: 1.1.1.1
Active Neighbor :
2.2.2.2

NB: Now in 2 way State because Router 2 send hello packet to R1 and R1 saw it's
Router ID in the packet therefore confirming the 2-Way state.

Summarized Procedure : R1 Sends Hello Packet to R2 = Down State

R2 Receives Packet and goes to = Init State
R1 Receives Hello Packet sent by R2 and goes to = 2 Way -
State
R1 Sends hello packet and R2 goes to = 2 Way State

After the Routers have selected the DR & BDR in Multi Access Segment. The Client
neighbor relationship with DR & BDR will be Full.
The Client neighbor (Drother) relationship with another Client Router (Drother)
will be 2 - Way.

NB: Suppose you do not have DR in your network, DR Failed and you do not have BDR.
If this is the case then All Routers in the segment will be stuck in a 2 Way state.
They will know each other as neighbors but they will not exchange the DB. DB is
valid only for one hour, maxage time. Once it expires then they will not exchange
DB.
In summary there has to be a DR in a Multi-Access segment, if a DR fails for
some reason and you don't have BDR. The Routers will be stuck in 2-Way but will not
exchange DB therefore no routes will be available in Routing Table.
Watch : Net-Metric -> Day 11

OSPF Behavior
-------------

DR Election

- Interface priority. Default is 1 , Highest Wins !! ( If priority is set to 0 it

will not participate in Election). Priority range 1-255.
- highest router-id.

OSPF Network Types

------------------
1.Multi-Access

- A Router establishes full neighbor relationship with the DR & BDR. 224.0.0.6
- OSPF looks at the encapsulation to determine segment Type Broadcast -
Multiaccess.
- DR/BDR , OSPF Multicast, Hello Timer 10 , Dead Timer 40

2.P2P

- Router will look at encapsulation type if it is HDLC,P2P it is considered as P2P.

- There is no DR,BDR Election.
- ExStart : Election of Master and Slave, Router with the Highest Router ID will
become the Master
- Exchange : DBD exchange. Database exchange happens here. These are not LSU
packets.
- Master has a right to increment a sequence number, every DBD packet sent has a
sequence number and controlled by the Master. When the slave receives the packet
and checks the sequence number and sees
the increment it means the exchange happening are reliable.

NB: Even in Broadcast Networks you have Master - Slave relationship when they
exchange DBD packets & a Drother can be a Master and DR or BDR a Slave. It doesn't
apply to Point to Point only.
This is how Routers exchange packets.

- If OSPF is enabled on Loopback , it recognizes it.

- It advertises the network as X.X.X.X/32
- This can be changed if you want by changing Network type.
- No DR/BDR election , OSPF Multicast, Hello Timer 10 , Dead Timer 40

3.NBMA

- Non Broadcast Multi-Access Network.

- DR/BDR , OSPF Unicast, Hello Timer 30 , Dead Timer 120

4.P2MP

- Point to Multi-Point Network.

- DR/BDR , OSPF Unicast, Hello Timer 30 , Dead Timer 120

5. Loopback

- Treated as a Stub Host/ Dead End.

- OSPF is intelligent, no hello packets, no neighbor, nothing done, it only
advertises.
- Loopbacks can be advertised to show their original subnet mask by doing 2 things
- Chnage network type to Point-to-Point & Redistribution. Eithe of the 2 {route-map
XXX, match interface XXX, router ospf 1 XXX, redistribute connected subnets route-
map XXX} Run these commands in sequence.

6. Virtual-Link
- No DR/BDR election

7. Sham-Link
- No DR/BDR election

PASSIVE INTERFACE

- Suppresses hello packets from being sent out of the interface but the network
will be advertised
- router ospf 1
- network 10.0.0.0 0.0.0.255 area 0
- passive interface g0/0
- in the above example. Interface g0/0 is configured with ip 10.0.0.1 ,however it's
a stub/dead end and there is no neighbor.
so you can run passive interface to suppress hello messages and it will still
advertise the network 10.0.0.0

LSA's and Route Types

*********************

LSA Type 1 - {0} (Router LSA) Generated by every router in the OSPF domain
describing it's directly connected interfaces. LSA Type sends networks connected to
that Router in a single LSA Packet.

LSA Type 2 - {0} (Network LSA) Generated by DR in broadcast or non-broadcast

networks.

LSA Type 3 - {0 IA} (Network Summary LSA) - Generated by ABR, flooded from area 0
into non-backbone areas and vice versa. Includes cost, but hides ABR's actual path
to destination. ABR generates a separate LSA Type 3 packet for each
network in an Area. It does not combine
all diiferent network into a single LSA Packet like what LSA Type 1 does.

LSA Type 4 - (ASBR Summary LSA) Generated by ABR, flooded from area 0 into non-
backbone area. Describes ABR reachability to ASBR's in other Areas.

LSA Type 5 - Generated by ASBR. There are 2 Metric Types E1 & E2. E2 by default.
# redistribute eigrp 1 subnets metric-type1 (will change Metric to
Type 1)

Type 1 (E1) -> Take the cost the ASBR reports in plus the cost to the
ASBR.
Type 2 (E2) -> Take just the cost ASBR reports in. If there is a tie,
then take the cost to the ASBR as well
Type 1 is preferred over Type 2
Type 2 advertised by the ASBR to other Routers is a
constant cost/static metric. The cost remains the same it doesn't change even
passing
through other Routers. It doesn't add cost of links.
This is the default behavior with E2.

LSA Type 7 - Generated by the ASBR.

Notes: LSA Type 1 - Loopbacks are advertised as Stubs with cost of 1.
Any Ethernet Network is advertised as Transit (Multiple Exit)
Network with cost of 10.
P2P (Serial Link) is advertised with cost of 64.
Linkstate Topology Tree is generated by Type 1 LSA.
show ip ospf database router

LSA Type 2 - Generated by Designated Router in Multi Access Network & is

used to validate Type 1 Routes advertised.
show ip ospf database network

LSA Type 3 - ABR sends LSA Summary. ABR takes multiple LSA for the same
Routes and sends it. From one area to another.
show ip ospf database summary

LSA Type 4 - How to reach remote ASBR. Routers in the same area as ASBR they
do not need Type 4 since they are in same area.
Type - 4 LSA are generated by ABR not ASBR. ABR connected to
the ASBR is the one that sends to other Routers in other Areas.
show ip ospf database asbr-summary

LSA Type 5 - show ip ospf database external

Intra-Area Routes (O)

+ LSA Types 1 & 2

Inter-Area Routes (O IA)

+ LSA Types 3 & 4

External Routes

+ E1/E2
+ LSA Type 5

+ N1/N2
+ LSA Type 7

Triggered & Periodic Updates

-> WHen a router makes some changes it will send an LSU Update packet. Receiving
router will prepare Retransmission list.

DR | BDR Election

chosen through election process. Based on interface priority and router-id.

+ Priority
+ 0-255
+ Higher Better
+ 0 = Never

+ Router-ID
+ Highest Loopback/Interface IP
+ Can be statically set
+ Higher Better

-> When Routers exchange Hello Packets and they go to 2-Way State, as explained in
above EIGRP Neighbor Relationship Section.
-> The Routers will wait according to the Dead Timer depending on network type or
configured Dead Timer. After for example 40 Sec the Routers will start the election
DR|BDR Process.
-> Hello Packets exchanged after the Dead Timer will contain the DR&BDR ID's.
-> If you have a Single Router - R1 only in a segment it will become the DR. If you
add another Router - R2 to the segment with a higher Priority or Router ID, it will
not become the DR. OSPF is a non-preemptive. Unless you clear
or reboot Routers then changes will take place.

DR Fails Procedure

-> When DR fails the BDR will become the DR. The leftover Routers will elect for
new BDR.

Static Default Routes in OSPF

=============================

-> You cannot configure Static Routes and Redistribute in OSPF. It will not be
redistributed.
-> The only way to advertise static default route in OSPF is by configuring
default-information originate command.
-> In other Routing Protocols you can redistribute static default routes but in
OSPF not possible, because it is like that to prevent Loops.

default-information originate
default-information originate always (will always advertise even if you don't
configure the static default route)

OSPF Summarisation
==================

Inter-Area Summarisation (Directly Connected ABR)

************************
-> Route summarisation is only done on the ABR only.

-> If you summarise in an internal router (within an area) it will not take effect
because it is not an ABR

-> Local ABR are the only routers that can summarise because it is connected to the
same network, You cannot summarise on another ABR.

#router ospf 1
#area 10 range 1.1.0.0 255.255.252.0

-> You can leak a route when you summarise by adding the summary route and
specifying the specific network.

#router ospf 1
#area 10 range 172.26.32.0 255.255.248.0
#area 10 range 172.26.34.0 255.255.255.0 ( this leaks a route in ospf )

External Summarisation (Redistributing ASBR)

**********************

-> External route summarisation is done on the ASBR.

 #router ospf 1
#summary-address X.X.X.X X.X.X.X

no discard route

Filtering
=========
-> Because you need to keep a constant database you can't filter within an Area.

-> Filtering routes from one Area to another is LSA Type 3 filtering.

-> LSA Type filtering is only available on prefix list not access-list.

Block XXX from leaving area 10

ip prefix-list BLK deny X.X.X.X/X

ip prefix-list BLK permit 0.0.0.0/0 le 32
router ospf 1
area 10 filter-list prefix XXX out

- You can filter as traffic is leaving the area 10 (Outbound Area 10)
- You can also filter as it is entering the other Area 0 (Inbound Area 0)

area 0 filter-list prefix XXX in

NB: It's not recommended to use distribute list in OSPF.

OSPF does not exchange routes, it exchanges LSA's

OSPF Authentication
===================
-> supports clear text and md5.
-> authenticate per Area or per Interface basis.
-> Type 0 - Null
-> Type 1 - Simple Password
-> Type 2 - Cryptographic (MD5/SHA)

Text
****

R5

router ospf 1
area 10 authentication
!
interface e 0/0
ip ospf authentication-key Cisco123

- enables on all interfaces in AREA 10 of that particular router.

R6

Interface e 0/1
ip ospf authentication-key Cisco123
ip ospf authentication

- enables OSPF on e0/1 interface

MD5
***

R5

router ospf 1
area 10 authentication message-digest
!
interface e 0/0
ip ospf message-digest-key 1 md5 Cisco123

or

Interface e 0/1
ip ospf message-digest-key 1 md5 Cisco123
ip ospf authentication message-digest

SHA1
****

key chain ABC

key 1
key-string cisco123
cryptographic-algorithm hmac-sha-1

Interface e 0/0
ip ospf authentication key-chain ABC

OSPF Neighbor
=============
6 fields need to match in OSPF for neighbor relationship. AREA ID, HELLO
INTERVAL,DEAD INTERVAL,AUTHENTICATION,MTU*,AREA FLAG.

AREA Types
=========
There are only Three Area Types in OSPF: REGULAR, STUB, NSSA.

Stub Area - is to optimise routing table for routers

*********
Characteristics

1. The ABR of the Area will block LSA Type 5 Routes.

2. The ABR will inject default route into the Area (Type 3 - O* IA)

router ospf 1
area 10 stub

- Configure on internal Area Routers

- Stub areas will still see Inter-Area routes in it's routing table.

Totally Stub Area

*****************

Characteristics

1. Extension of Stub Area (2 Characteristics)

2. The ABR will also block Type 3 routes from propagating in.
- Only on the ABR

router ospf 1
area 10 stub no-summary

- ABR are the only routers that propagate Type 3 LSA's that's why you configure
Totally Stub on ABR's.

Not-So-Stubby-Area
******************

Characteristics

1. The ABR will block Type 5 routes from propagating in.

2. The ASBR within the Router will inject external route using a Type 7.
3. ABR will convert the Type 7 into a Type 5 before propagating the LSA into the
Backbone.

Configuration:

On All Routers within the Area including the ABR.

router ospf 1
area 10 nssa

Note: The Area will loose connectivity to the External Routes from the Backbone.
Internal Routers configured as nssa will lose conectivity to external routes
so mtitigate configure: nsssa stub

Only on the ABR:

router ospf 1
area 10 nssa default-information-originate

Not-So-Stubby-Area - Totally Stub Area

**************************************
area 10 nssa no-summary
**************************************

Issuing the command compatible rfc1587 under the OSPF router configuration causes
R1 to become compliant with RFC 1587 instead of 3101:

R1(config)#router ospf 1
R1(config-router)#compatible rfc1587

The result is now seen in R1’s routing table where it chooses the “E1” route over
the “N1”

Compatibility to RFC 3101 is enabled again. This is done by negating RFC 1587
compatibility with the no compatible rfc1587 command. Notice, R1 now prefers the
“N1” route again:

R1(config)#router ospf 1
R1(config-router)#no compatible rfc1587

#show ip ospf
OSPF FILTERING

- BY default when you redistribute route they are sent as E2 Type Routes with a
default metric of 20.
- You can filter routes when you have two ASBR's redistributing traffic.
- Metric Type includes the forward cost when it advertised meaning cost is added to
reach the network. E2 Type doesnot forward the cost it just sends as 20 as the
cost.

router ospf X
redistribute eigrp 100 subnets metric-type 1 (changes metric type from 2 to 1 )
redistribute eigrp 100 subnets metric-type 1 metric 30 (change metric to 30)

BFD
***

Technology used to optimise

#INterface e0/0
#bfd interval 300 min_rx 300 multiplier 3 ( If i don't receive

#router ospf 1
#bfd all-interfaces (enables all interfaces in OSPF)
#bfd e0/0 (enables a single interface)

Fast Re-Route

route ospf 1
fast-reroute per prefix enable area 0 prefix-priority high

OSPF DMVPN
**********

- when running OSPF in DMVPN please make sure you change the network type to point
to multipoint because by default its point-to-point which will allow only one
neighbor.

OSPF Path Selection

*******************
- you can play around with these to modify path selection. Prefer certain path than
the other or equal cost load balancing were both paths are used.

Interface
ip ospf cost 1

or

Interface e0/0
bandwidth 10000 (higher the better)

or

router ospf 1
auto-cost reference bandwidth

or

router ospf 1
 neighbor cost

OSPF Virtual Link

1. The virtual link transit area should not be a stub area.

2. One virtual link endpoint is the router that is not connected to the backbone
while other is an ABR that is connected to the backbone.
These routers need to be connected to the same transit area.
3. Both routers participating in the virtual-link have mirrored virtual-link
configuration.

-----------------------------------------------------------------------------------
------------
MULTICAST

-> applications come with multicast addresses embeded in them.

IGMP Snooping

-> is a feature on a cisco switch that allows it not to flood all ports but only on
multicast devices.

PIM

ip multicast-routing

Dense Mode - Data is sent flooded to Clients, if the router doesn't have a client
connected it will send prune message to the Server.
From that point the Server will not send to that client. If the router
has clients it will send IGMP Join messages informing i'm a member of that group.

#int X/X
ip pim dense-mode

- enabled on every router interface facing clients.

Sparse Mode

-> as soon as the routers (connecting to client) comeup they will send registration
message to RP ( Rendezvous Point) telling i have a client connected with IP X.X.X.X
-> when the Server sends the data it will send to the RP first. RP will use unicast
table to send to clients. It acts like a DNS resolution Server.

#int X/X
ip pim sparse-mode
!
ip pim rp-address X.X.X.X

AUTO RP

- router will anounce itself as RP Candidate.It is cisco propietory.

! ip pim send-rp-announce loopback 0 scope 10

- router will set itself as mapping Agent.

! ip pim send-rp-discovery loopback 0 scope 10

===================================================================================
============

SDWAN

vManage - Management Plane

*vManage uses NETCONF to communicate with vSmart & vBond.

*Single Management Plane, Centralm Policies, Centralised Troubleshooting
and Monitoring, Software Upgrades.

vBond - Ochestration Plane

*It is responsible for distributing list of vSmarts & vManage reachability

to all WAN Edge routers.
*It requires Public IP reachability.(Not Really Public but it has to be
reachable)
*authentication WAN Edges by using certificates which is signed by an
authoratitive CA.
*vBond tells Edges how to reach vManage by sharing the IP Address.
*WAN Edges use DTLS to communicate with vBond.

*To Summarise the Main Purpose Authenticates WAN Edges Routers using
Certificates installed on both V-Bond & WAN Edges.

vSmart - Control Plane

*vSmart uses OMP to communicate with Wan Edges.

*vSmart distributes control plane info to Wan Edges using OMP.
*All policies for Data flow are defined centrally on vManage and
distributed to WAN Edges using vSmart

*To summarise when performing Policy configurations on V-Manage it will

push the configs direct to V-Smart using NETCONF.
Then V-Smart will push the policies to WAN Edges using OMP.

vEdge/cEdge

*The WAN Edge Device Communicates to vSmart controllers using OMP to setup
the Data Flow.
*Implements data plane routing policies.
*Available as a Physical or Virtual Device.

Underlay is how the network is physically connected. IS-IS, MPBGP, OSPF

Overlay is how virtual tunnels will be created over the underlay. LISP,VXLAN

NB: V-Manage , V-Smart & V-Bond are VM's. There are no hardware devices.

VRF = VPN

VPN 0 = Transport VPN

They use VPN 0 (Management VPN) or 512 (Transport VPN) all controllers V-
Manage, V-Bond, V-Smart.
OMP,NETCONF runs on VPN 0. That is how the devices are configured.
controller use to communicate with other controllers using NETCONF.
or a vSmart controller needs to send an update to WAN Edge device it uses
this VPN
OMP relies on OSPF & BGP to reach the devices (Wan Edge Routers) from the
Controllers.
OSPF OR BGP are the supported protocols running on Wan Edge Routers VPN 0
for Control Plane Traffic.
OMP populates the WAN Edge Routers with Routes.

VPN 512 = Management VPN (Optional)

used only when you https to vManage to configure the controller.

actual control plane is on VPN 0.

DATA VPN = SERVICE VPN Range 1-511,513-65535

SERVCIE VPN .

* is created in Sites your ( LAN ), so you need to create a Service VPN for
your Data Traffic in your LAN.
* you can use range 1-511, 513-65535

BGP
===

-> BGP leverages TCP as its transport protocol, running over the well-known BGP TCP
port 179. This means that in order for a BGP peering session to come up between two
routers, they must first
establish a TCP session with each other. Thus, BGP session establishment is a
twostep process, where the first step is establishing a TCP session and the second
step is exchanging BGP-specific information to build the BGP peering session
-> TCP sessions operate on a client/server model. The server listens for connection
attempts on a specific TCP port number. The client attempts to establish TCP
sessions to the port number on which the server is listening. The client sends a
TCP synchronization (TCP SYN) message to the listening server indicating that it
would like to begin sending data to the server. The server responds with a TCP
synchronization acknowledgment (TCP SYN ACK) message
confirming it received the client’s request and is ready to receive data over
the connection.
-> In BGP you use network statement to advertise networks that have been learnt
through IGP's. There is a difference on how network statement is treated in BGP.

-> Whenever a network is advertised in BGP it attaches an attribute called AS Path,

which acts is a loop avoidance mechanism.

-> The main purpose is to connect different AS.

iBGP
----

-> relies on IGP to provide reachability from one edge to another edge.
-> In order not to remove the attributes in IBGP esp AS-PATH, if you redistribute
it will lose the attributes.
-> In iBGP when a router receives a route and advertises to another iBgp peer it
doesn't change next hop self to mitigate this next hop self should be configured.

#neighbor x.x.x.x next-hop-self

-> Next-Hop self only applies to External Routes (Received from EBGP Peers)
received from EBGP. It doesn't work on iBGP Routes.

-> By Default, iBGP does not send iBGP learnt routes to other iBGP neighbors (BGP
Split-Horizon Rule).
-> 2 Main ways to get around it:
-> Full Mesh between all the neighbors (Not Scalable)
-> Configure the Central Router as a Route Reflector. It disables split-
horizon for routes towards Clients
-> Route-Reflection will NOT change the Next-hop of a router even if the Next-hop-
self command has been used. Because it's for routes learnt from eBGP neighbor.
-> iBGP peering sessions differ from eBGP peering sessions in that there is BGP
connected check performed on iBGP peering sessions. In fact, the router defaults to
using a TTL value of 255 for BGP messages sent to iBGP peers.
-> The reason for this is that iBGP neighbors do not advertise received iBGP routes
between each other, a rule more commonly referred to as the iBGP split-horizon rule
among many in the network community. The RFC, however, uses different terminology.
-> When a BGP speaker receives an UPDATE message from an internal peer,the
receiving BGP speaker SHALL NOT re-distribute the routing information contained in
that UPDATE message to other internal peers (unless the speaker acts as a BGP Route
Reflector
-> If the router has learned a path from an iBGP neighbor, it assigns it the route
type internal. If a BGP router chooses a path marked as internal as its best path,
it will only advertise it to eBGP peers and not iBGP peers.
-> The reason BGP behaves this way is related to how BGP detects routing
information loops. When paths are advertised between ASes, the advertising router
prepends its own ASN to the AS_PATH attribute of the
advertised path. The receiving router performs a check on the AS_PATH attribute for
every path it receives from a BGP neighbor. If its own ASN is found in the AS_PATH,
the router will reject the prefix. This is the
basis for BGP loop prevention. The reason behind this is because BGP is primarily
concerned with routing between ASes. In this way, BGP sees each AS as a single
router. With this understanding, it is easy to see why emphasis is placed on ASNs
as a loop prevention mechanism.
-> The problem occurs using this method for internal peers. If a BGP-speaking
router adds the local ASN to the AS_PATH attribute of a path it is advertising to
an internal peer, that internal peer would reject the path
because the AS_PATH will contain the local ASN. The receiving internal peer would
assume that the path had previously been advertised to the local AS and was being
returned to the AS erroneously when in reality, the advertising router is simply
relaying the path for the first time.

EBGP
---

-> When establishing neighbor relationship it has to be directly connected

interface.
-> if you establish thru loopback you need to override the default behavior by
configuring

#neighbor X.X.X.X ebgp multihop (Configured on both iBgp peers)

ORIGIN CODE
-----------

show ip bgp

i = indicates where router originated the network whether via network statement or
redistribution.
? = indicates routes have been redistributed.

Route Filtering
===============

-> Routes can be filtered by interface or neighbor.

Route Filtering using ACLs

*****************************************************

Requirement: R5 would like to block Network 55.55.55.0/24 going towards R2. Do not
use a Prefix-list for this task.

access-list 1 deny 55.55.55.0 0.0.0.255

access-list 1 permit any
!
router bgp 500
neighbor 192.1.25.2 distribute-list 1 out

*****************************************************
- Route Filtering using Prefix-Lists
*****************************************************

Requirement: R2 would like to block any Major or Subnet from the 22.0.0.0/8 &
33.0.0.0/8 range from going towards R5. Do not use a Access-list for this task.

ip prefix-list PL-1 deny 22.0.0.0/8 le 32

ip prefix-list PL-1 deny 33.0.0.0/8 le 32
ip prefix-list PL-1 permit 0.0.0.0/0 le 32
!
router bgp 1000
neighbor 192.1.25.5 prefix-list PL-1 out

*****************************************************
- AS Path Filtering
*****************************************************

-> You can use AS-Path to filter a route since it is pre-pended in the packet.

Special Characters

^ - Beginging of the Line

$ - End of the Line
_ - ' ' OR '^' OR '$'
.* - Any

Requirement # 1: AS 400 would like to block any route originating from AS 500.

-----
R4
-----

ip as-path access-list 1 deny _500$

ip as-path access-list 1 permit .*
!
router bgp 400
neighbor 192.1.14.1 filter-list 1 in
neighbor 192.1.47.7 filter-list 1 in

Requirement # 2: AS 600 would like to block any route touching AS 1000.

-----
R6
-----

ip as-path access-list 1 deny _1000_

ip as-path access-list 1 permit .*
!
router bgp 600
neighbor 192.1.36.3 filter-list 1 in
neighbor 192.1.67.7 filter-list 1 in

Requirement # 3: AS 1000 would like to send local routes only to AS 400,600 & 700.

-----
R1
-----

ip as-path access-list 1 permit ^$

!
router bgp 1000
neighbor 192.1.14.4 filter-list 1 out
neighbor 192.1.17.7 filter-list 1 out

-----
R3
-----

ip as-path access-list 1 permit ^$

!
router bgp 1000
neighbor 192.1.36.6 filter-list 1 out
neighbor 192.1.37.7 filter-list 1 out

Requirement # 4: AS 500 would like to make sure that AS 1000 is not a Transit AS

-----
R5
-----

ip as-path access-list 1 permit ^1000$

!
router bgp 500
neighbor 192.1.25.2 filter-list 1 in

***********************************************************************************
******
- Summarize the 201.X.X.0/24 routes toward the Southbound eBGP neighbors Only (R1 &
R3)
***********************************************************************************
******
BGP AGGREGATE

-> The Router also learns the specific networks is because by default, issuing the
aggregate-address command without any optional arguments, causes the aggregator to
advertise both the aggregate and the specific networks covered by the aggregate
network.
-> To generate an BGP aggregate route, the BGP table should hold at least one more
specific address from the aggregated range.
-> What if the BGP table does not have a more specific entry? In this case, a
specific entry can be manually added to the BGP table in the following manner:

1. Create a static route to null 0 for the aggregate address

2. Create the aggregate using redistribute or network command to inject the
static null 0 route into BGP.

#ip route 10.1.0.0 255.255.252.0 null 0

#router bgp 200
#network 10.1.0.0 mask 255.255.252.0

-> The basic operation is, when the aggregator creates an aggregate, it has the
option of including all ASNs of all specific paths covered by the aggregate or it
can use the ATOMIC_AGGREGATE attribute. When using the
ATOMIC_AGGREGATE attribute, the aggregator is signifying that AS_PATH information
has been omitted from this aggregate. Thus, receiving routers need to be aware that
the actual path taken by traffic sent using
this aggregate path may not take the path specified in the AS_PATH attribute. This
task requires that R1 should receive all ASNs of the component prefixes in the
AS_PATH of the resulting aggregate path. When performing aggregation, the router
will add these ASNs to what is known as the AS_SET segment of the AS_PATH
attribute.
-> so basically when you aggregate by summarizing routes it doesn't include
attributes like AS-Path so when you want it to summarise routes with attributes
include as-set in your command.

-> The aggregating router has to be explicitly configured to include this

information by attaching the as-set keyword to the aggregate-address command. The
configuration below performs this on R2:
On R2:

R2(config)#router bgp 200

R2(config-router)#aggregate 10.1.0.0 255.255.252.0 summary-only as-set

Summarizing Routes in BGP

------
R1
------

router bgp 1000

aggregate-address 201.1.4.0 255.255.252.0

-> This creates the Summary route. It does not block the specifics.

-> Now that the Summary route is created, you have the ability to create a prefix-
list to block the route towards the external neighbors.
-> You also only want to send the specific routes Northbound.

ip prefix-list PL-A deny 201.1.4.0/22 ge 24

ip prefix-list PL-A permit 0.0.0.0/0 le 32
!
router bgp 1000
neighbor 192.1.14.4 prefix-list PL-A out
neighbor 192.1.17.7 prefix-list PL-A out
!
ip prefix-list PL-B deny 201.1.4.0/22
ip prefix-list PL-B permit 0.0.0.0/0 le 32
!
router bgp 1000
neighbor 10.2.2.2 prefix-list PL-B out

------
R3
------

router bgp 1000

aggregate-address 201.1.4.0 255.255.252.0

-> This creates the Summary route. It does not block the specifics.
-> Now that the Summary route is created, you have the ability to create a prefix-
list to block the route towards the external neighbors

ip prefix-list PL-A deny 201.1.4.0/22 ge 24

ip prefix-list PL-A permit 0.0.0.0/0 le 32
!
router bgp 1000
neighbor 192.1.36.6 prefix-list PL-A out
neighbor 192.1.37.7 prefix-list PL-A out
!
!
ip prefix-list PL-B deny 201.1.4.0/22
ip prefix-list PL-B permit 0.0.0.0/0 le 32
!
router bgp 1000
neighbor 10.2.2.2 prefix-list PL-B out

***********************************************************************************
******
- Summarize the 202.X.X.0/24 routes toward all the neighbors. Only send the
summary.
***********************************************************************************
******

------
R2
------

router bgp 1000

aggregate-address 202.1.4.0 255.255.252.0 summary-only

-> This creates the Summary route. It suppress the specific routes.
-> Only the Summary Route is sent.
-> This applies to the routes for all neighbors.

***********************************************************************************
******
- Unsuppress the 202.1.7.0/24 network towards R5.
***********************************************************************************
******

------
R2
------

access-list 11 permit 202.1.7.0 0.0.0.255

!
route-map USM
match ip address 11
!
router bgp 1000
neighbor 192.1.25.5 unsupress-map USM

-> This leaks out the suppressed route towards the specified neighbor.

***********************************************************************************
******************
- Summarize the 203.X.X.0/24 routes toward all the neighbors. Send the Summary and
the 203.1.6.0/24
***********************************************************************************
******************

------
R2
------

access-list 1 deny 203.1.6.0 0.0.0.255

access-list 1 permit any
!
route-map SM
match ip address 1
!
router bgp 1000
aggregate-address 203.1.4.0 255.255.252.0 suppress-map SM

-> This creates the Summary route. It suppresses the routes permitted in the Route
Map.
-> This is known as Selective Suppression.
-> It applies to the routes for all neighbors.

***********************************************************************************
******************
- Configuring Multi-Pathing
***********************************************************************************
******************

-> Allows a router to use multiple paths to reach a network. BGP doesn't do
loadbalancing by default even if Metric are all the same.
-> below commands show how to set maximum paths for ebgp , ibgp & both together.

==========================================
1. eBGP MultiPathing
==========================================

-----
R10
-----

router bgp 100

maximum-path 2

==========================================
2. iBGP MultiPathing
==========================================
-----
R9
-----

router bgp 2000

maximum-path ibgp 2

==========================================
3. iBGP/eBGP MultiPathing ( When you have a Router with an EBGP & iBGP neighbor )
==========================================

-----
R3
-----

router bgp 1000

maximum-path eibgp 2

- this can cause problems in iBGP, because iBGP doesn't have loop avoidance
mechanisms.

===========================================================================
2. Configure BGP to redistribute IBGP routes into IGP
===========================================================================

- ibgp routes are not sent by default so you have to do it manually by configuring
below.
-----
R3
-----

router bgp 1000

bgp redistribute-internal

===========================================================================
3. Configure R3 to change the Next-hop to self for iBGP Routes as well
===========================================================================

-----
R3
-----

router bgp 1000

neighbor 192.168.34.4 next-hop-self all
neighbor 192.168.35.5 next-hop-self all

2. Configuring BFD for BGP (Lab 26)

*********************************************************

Requirement: Configure BGP between AS 1000 & AS 2000

===================================================================================
====================
1. Enable BFD Timers on the Interfaces between AS 1000 & AS 2000
===================================================================================
====================

-----
R4
-----

Interface E 0/2
bfd interval 350 min_rx 350 multiplier 3
!
Interface E 0/3
bfd interval 350 min_rx 350 multiplier 3

-----
R7
-----

Interface E 0/0
bfd interval 350 min_rx 350 multiplier 3

-----
R8
-----

Interface E 0/0
bfd interval 350 min_rx 350 multiplier 3

============================================================
2. Configure BFD between (R4 & R7) & (R4 & R8)
============================================================

-----
R4
-----

router bgp 1000

neighbor 192.1.47.7 fall-over bfd
neighbor 192.1.48.8 fall-over bfd

-----
R7
-----

router bgp 2000

neighbor 192.1.47.4 fall-over bfd

-----
R8
-----

router bgp 2000

neighbor 192.1.48.4 fall-over bfd

**************************************************************
Attributes
**************************************************************

**************************************************************
Local Preference Attribute
**************************************************************

- It controls traffic leaving your AS.

- It will be set as an attributes on the Remote Routes.
- Once set, it will be propagated to all iBGP neighbors.
- It is a number.
- The default is 100.
- Higher the better.

Requirement#1: AS2000 would like R7 to be the preferred exit towards any route
learnt from AS 1000.

-----
R7
-----

route-map SETLP
set local-preference 111
!
router bgp 2000
neighbor 192.1.47.4 route-map SETLP in

Requirement#2: AS2000 would like R7 to be the preferred exit towards the specified
routes learnt from AS 1000.

1.1.1.0/24
1.3.1.0/24
1.4.1.0/24

access-list 1 permit 1.1.1.0 0.0.0.255

access-list 1 permit 1.3.1.0 0.0.0.255
access-list 1 permit 1.4.1.0 0.0.0.255
!
route-map SETLP permit 10
match ip address 1
set local-preference 111
route-map SETLP permit 20
!
router bgp 2000
neighbor 192.1.47.4 route-map SETLP in

**************************************************************
MED Attribute
**************************************************************

- It controls traffic entering your AS.

- It will be set as an attributes on the outbound routes.
- Once set, it will be propagated to all eBGP neighbors.
- It is a number. It is like the metric/cost.
- Lower the better.
- The default is 0. Since the default is 0 on Routers you poison by increasing the
other router metric hence it will not be preferred.

Requirement#1: AS2000 would like R8 to be the preferred router for incoming

traffic.

-----
R7
-----

route-map SETMED
set metric 55
!
router bgp 2000
neighbor 192.1.47.4 route-map SETMED out
'
**************************************************************
Weight Attribute
**************************************************************

- Cisco Prop. Attribute

- It controls traffic leaving your Local Router.
- It will be set as an attributes on the Remote Routes.
- Once set, it is only used locally and not sent to any neighbors.
- It is a number. The weight attribute is not exchanged between neighbors.
- The default is 32768 Directly Connected Routes; 0 for Remote Routes.
- Higher the better.

Requirement#1: R8 should use the direct link for outbound traffic towards AS 1000.

-----
R8
-----

route-map SETWT
set weight 99
!
router bgp 2000
neighbor 192.1.48.4 route-map SETWT in

-> you can add a prefix-list and then add match ip address to assign weight for a
particular network.

or

router bgp 2000

neighbor 192.1.48.4 weight

-> this command sets the weight for all the routes for the particular neighbor.

**************************************************************
AS Path Attribute
**************************************************************

- It controls traffic Entering or Leaving your AS.

- The shorter AS Path is preferred.
- You have the ability to prepend an AS # to the AS Path to make it a less
preferred route.
- When prepending inbound, prepend using the remote connected AS #.
- When prepending outbound, prepend using the local AS.
- You poison the Router that you do not prefer either entering or leaving your AS.

Requirement#1: AS 2000 should use the R4-R7 link for outbound traffic.

-----
R8
-----

route-map SETAS
set as-path prepend 1000
!
router bgp 2000
neighbor 192.1.48.4 route-map SETAS in

Requirement#2: AS 2000 should use the R4-R8 link for inbound traffic.

-----
R7
-----

route-map SETAS
set as-path prepend 2000
!
router bgp 2000
neighbor 192.1.47.4 route-map SETAS out

**************************************************************
No Export Community Attribute
**************************************************************

==========================================================================
1. Configure the loopbacks specified and advertise them in BGP AS 110
==========================================================================

Interface Loopback101
ip address 111.1.1.1 255.255.255.0
!
Interface Loopback102
ip address 111.1.2.1 255.255.255.0
!
Interface Loopback103
ip address 111.1.3.1 255.255.255.0
!
Interface Loopback104
ip address 111.1.4.1 255.255.255.0
!
router bgp 110
network 111.1.1.0 mask 255.255.255.0
network 111.1.2.0 mask 255.255.255.0
network 111.1.3.0 mask 255.255.255.0
network 111.1.4.0 mask 255.255.255.0

===================================================================================
====================
2. Network 111.1.1.0/24 & 111.1.2.0/24 should not be advertised outside of AS 2000.
Configure R11 to accomplish this.
===================================================================================
====================

- It's a community attribute that tells neighbor not to export route out of an AS.
------
R11
------

ip prefix-list PL-1 permit 111.1.1.0/24

ip prefix-list PL-1 permit 111.1.2.0/24
!
route-map SETATT permit 10
match ip address prefix PL-1
 set community no-export
route-map SETATT permit 100
!
router bgp 110
neighbor 192.1.190.9 route-map SETATT out
neighbor 192.1.190.9 send-community standard

------
R9
------

router bgp 2000

neighbor 10.7.7.7 send-community standard
neighbor 10.8.8.8 send-community standard

**************************************************************
No Advertise Community Attribute
**************************************************************

===================================================================================
====================
1. Network 111.1.3.0/24 & 111.1.4.0/24 should be advertised only to R9. R9 should
not advertise this route to any router.
===================================================================================
====================

- It's a community attribute that tells neighbor not to export route out of an AS.

------
R11
------

ip prefix-list PL-2 permit 111.1.3.0/24

ip prefix-list PL-2 permit 111.1.4.0/24
!
route-map SETATT permit 20
match ip address prefix PL-2
set community no-advertise
========================================================================

BGP NetMetric

- PathVector/Distance Vector
- L3|L4|App : TCP 149
- BGPv4 (MP-Ext) , Classless , No Periodic Updates, Triggered Updates, Unicast
Based Connection,
- AS Number 16 Bit 1 - 65535
32 Bit 1 -
- In BGP whichever Router which initiates the communication becomes the client. It
works in Server to Client mechanism.

BGP Process
-----------

- IT Starts in Idle State : refuse all incoming connection.

- when neighbor x.x.x.x remote-as is typed it will initialize all bgp resources &
it starts connect retry timer 120 Seconds, it cannot be altered.
- It will initiate TCP Connect : Connect State
- TCP 3 Way Handshake will start : If it successful, it will clear the connect
retry timer.
- Sends Open Message

BGP Optimization
----------------

-> to improve optimization you can make BGP Router to update it's routing table
quickly when a network goes down.

#router bgp 1
#neighbor X.X.X.X fall-over

-> these were developed before BFD was there which is a much faster technique.

Standard Community

access-list 1 permit 20.1.1.0 0.0.0.255

access-list 2 permit 20.2.0.0 0.0.0.255

route-map TST permit 10

match ip add 1
set community no-export

route-map TST permit 20

match ip add 2
set community no-advertise

router bgp 100

neighbor X.X.X.X route-map TST out
neighbor X.X.X.X send-community standard

->

Route Tags
----------

access-list 3 permit 20.3.0.0 0.0.0.255

route-map TST permit 20

match ip add 3
set community 100:1
!
router bgp 100
neighbor X.X.X.X route-map TST out
neighbor X.X.X.X send-community standard
!
!

show ip bgp

-> should show the community number RT number. if it shows a long number issue the
command in global config : ip bgp new-format
-> run show command again, you should see the correct Tag Number.

BGP Best Path Selection

========================
1.Weight (Highest)
2.Local Pref (Highest)
3.Locally Originated : a. network command , b. redistribution , c.aggregate
4.AS-Path (Shortest)
5.Origin Code : i > e > ?
6.MED
7.eBGP over iBGP
8.Lowest IGP metric to BGP next Hop ( Compare metric of IGP Protocols e.g OSPF vs
EIGRP running in your AS)
9.Multipath
10.Oldest Route
11.Lowest Router ID : Disbaled by default -> bgp best-path compare-routerid
12.Originator ID
13.Lowest Neighbor IP

BGP Filtering

ORF

-> a feature that allows R1 to inform R2 neighbor router to filter traffic for R1.
-> it pushes the config to R2 and tells it to implement it.
-> Only uses Prefix list

R1

router bgp XXX

neighbor X.X.X.X capibility orf prefix-list both

R2

router bgp XXX

neighbor X.X.X.X capibility orf prefix-list both

R1 : Identify the Traffic you want to Filter

ip prefix-list ORF-PFX deny 15.0.0.0/8

ip prefix-list ORF-PFX permit 0.0.0.0/0 le 32
!
router bgp X
neighbor X.X.X.X prefix-list ORF-PFX in

#clear ip bgp * soft in prefix-filter

AS-PATH Filtering

Deny any network with AS 300.

ip as-path access-list 1 permit 300

!
route-map DENY_AS300 deny 10
match as-path 1
!
route-map DENY_AS300 permit 20
exit
!
router bgp XXX
neighbor X.X.X.X route-map DENY_AS300 in
--------------

-> router will filter any network with more than 1 AS.

router bgp XXX

bgp maxas-limit 1

-------------------

BGP Synchronisation

-> by default it is disabled

-------------------

BGP BackDoor

-> when you have primary and secondary link and one of the link is IGP & other link
eBGP.
-> router will chose eBGP over IGP because AD is 20 for BGP.
-> On the Router you want the route to be prefered using IGP.

router bgp 100

network 10.0.0.0 mask 255.255.255.0 backdoor

-> the above command will not advertise it will change the AD of eBGP to 200 hence
making IGP prefered path.

->

BGP Dampening

-> when you have a flapping interface, the route will be put in dampening state

access-list 1 x.x.x.x x.x.x.x

!
route-map RM-DMP permit 10
match ip add 1
set dampening 10 1500 4000 30
!
router bgp XXX
bgp dampening route-map DAMP
!

-------------------

BGP Route Reflector

-> Route Reflector is a technique used to peer with other Routers within an AS.

-> Every update sent by Route Reflector Client to RR will be sent to Route
Reflector Clients & Non - Route Reflector Clients.

-> Each update contains Originator ID (OID) & Cluster List (CL)

-> Cluster ID is a list of Route Reflectors an update passes through. Depends on

how many RR you have in your Topology.
-> These Originator ID & Cluster List are used also to prevent loops. Because if
the packet is sent back to the Router Originator it will reject it since it is the
one that sent it.

-> In a Topology with 2 RR, a RRC will receive a route from both. It is called
Minimum Cluster List Length. It check the Cluster List Length. The minimum will be
selected, basically update packet with less Cluster List.

-> The problem with the full-mesh requirement for internal peers is scalability. As
the number of BGP-speaking routers grows in the AS, the required number of iBGP
peering sessions increases as well. For smaller BGP implementations.

-> One solution to the iBGP scalability issue is the introduction of what is known
as the BGP Route Reflector. Defined first in RFC 1966 and revised to RFC 4456, the
BGP route reflector configuration works by allowing a BGP router to relax the iBGP
split-horizon rule.

-> Other iBGP peers peer with this single router. When the designated router
receives an internal path from one of its iBGP peers, it is allowed to advertise
(or reflect) that path to all of its other configured iBGP peers. This cuts down on
the number of internal peer sessions that are required for all routers to receive
all internal paths.

->The designated router is known as the route reflector and the routers that it
serves are its route reflector clients. In the configuration, route reflector
clients have no idea they are being serviced by a route reflector.
They simply receive and advertise routes with the route reflector as if it was a
normal iBGP peer. This means route reflector clients may also form iBGP peerings
with other non-route-reflector internal routers as well if
the design calls for it.

-> There is no explicit configuration command that enables a router to be a route

reflector for all of its neighbors. Instead, route reflection is configured on a
peer-by-peer basis using the neighbor neighbor address route-reflector-client BGP
router configuration command. This configuration designates the neighbor to be a
route reflector client of the local router.

-> For route-reflectors, the rule “do not re-advertise iBGP learned routes to other
iBGP speakers” is relaxed. Route reflectors are allowed to advertise iBGP learned
routes to other iBGP peers that are configured as their clients.

-> With R1 as a route reflector, those additional routers only need a single iBGP
peering session with R1. R1 should designate those 20 routers as route reflector
clients and the network will operate much more optimally. This reduces the required
iBGP session count from the previous 253 (23(23-1)/2) to 22 (23 total routers - 1
because R1 does not peer with itself).

-> Route reflectors do not modify the next hop addresses when advertising an iBGP
route to client or non-client. They only reflect the route with the original next
hop address. In fact, even if configured with the neighbor neighbor-address next-
hop-self command, the route reflector will only set itself as the next-hop for
routes it originates.

-> So to solve this task, R2 and R3 should be able to reach the next hop addresses
for each other's loopback 0 networks that they learn from R1 via BGP. This can be
done by running an IGP such as OSPF to provide
reachability information. However, the task explicitly states to remove OSPF. In
addition, as stated earlier, the neighbor next-hop-self command will not work for
this purpose.
-> To solve the task, two route-maps are created on R1 named “R2” and “R3”. The set
ip next-hop 12.1.1.1 is issued under route-map “R2”, intended to set the next-hop
to 12.1.1.1 for paths R1 reflects to R2. The set ip
next-hop 13.1.1.1 is issued under route-map “R3”, intended to set the next hop to
13.1.1.1 for paths R1 reflects to R3:

-> the Originator ID and the Cluster List. These two attributes are created by
route reflectors and are the key to avoiding loops when reflecting routes. Recall
that, because a BGP router does not prepend the local ASN to the AS_PATH attribute
of a path advertised to an internal peer, the primary BGP loop prevention mechanism
is broken. This is why BGP routers do not advertise internal paths to other
internal peers.

-> Route reflectors relax these rules and are able to do so because of the
existence of the ORIGINATOR and CLUSTER_LIST attributes. First, the ORIGINATOR
attribute contains the BGP router ID of the internal peer that first advertised the
internal path in the AS. If a BGP router receives an internal route with its own
BGP router ID in the ORIGINATOR attribute, it drops the update under the assumption
that somehow the path was looped back to itself.

-> When a route reflector reflects routes to its clients, it will do one of the
following:

1. If the ORIGINATOR and CLUSTER_LIST attributes are missing the router creates
them.
a. It sets the ORIGINATOR attribute to the BGP router ID of the router that
originally advertised the path.
b. It adds its own CLUSTER_ID (its own BGP router ID by default) to the
CLUSTER_LIST attribute.

2. If the route being reflected already has existing ORIGINATOR and CLUSTER_LIST
attributes, the route reflector leaves the ORIGINATOR attribute unchanged and
prepends its own CLUSTER_ID to the CLUSTER_LIST.

On R1:
R1(config)#route-map R2
R1(config-route-map)#set ip next-hop 12.1.1.1
R1(config)#route-map R3
R1(config-route-map)#set ip next-hop 13.1.1.1

R1(config)#router bgp 100

R1(config-router)#neighbor 12.1.1.2 route-map R2 out
R1(config-router)#neighbor 13.1.1.3 route-map R3 out

To Summarise BGP Reflector Solutions

1. Configure any IGP e.g. OSPF,EIGRP & BGP Reflectors.

2. Configure Route-Map and setup ip next-hop as the RR

BGP PEER GROUPS

---------------

-> BGP peer groups are a BGP construct designed to allow administrators to place
BGP neighbors into specific update groups.
-> Doing so provides a major advantage when a BGP-speaking router needs to
calculate the set of paths that need to be advertised to its neighbors.
-> Instead of calculating the paths to be advertised separately for each neighbor,
the router only has to calculate it one time for each update group. The router can
send the same UPDATE message to all routers in the same update group.
-> BGP peer group configuration is a locally-significant configuration, meaning it
is not communicated to neighboring BGP-speaking routers. Each router can have an
independent and completely different peer group configuration.

#router bgp 100

neighbor TST peer-group
neighbor TST remote-as 100
neighbor TST update-source loopback0
neighbor TST version 4
neighbor TST password cisco
neighbor 2.2.2.2 peer-group TST
neighbor 3.3.3.3 peer-group TST
neighbor 4.4.4.4 peer-group TST

-> The use of BGP peer groups reduced the configuration from 12 lines down to 8. In
this way, BGP peer groups optimize two things, UPDATE message generation and
configuration management.

BGP CONFEDERATION
-----------------

Recall that iBGP’s path advertisement rules prevent an BGP router from advertising
internal paths to internal peers. This rule forces full-mesh iBGP connectivity
between all routers. The full-mesh iBGP
peer requirement, however, suffers from scalability concerns as the number of
internal BGP routers in the organization increases. To solve this scalability
limitation, two methods exist: Route reflection and Confederation.

The Confederation Identifier is basically a BGP ASN that is used to represent the
entire Confederation to non-Confederated peers. This identifier needs to match on
all routers that are members of the same confederation. Typically
the BGP confederation identifier is the public ASN assigned to the organization.
The confederation identifier is also the ASN the router will use in its peerings
with peers that are not members of the confederation.

At this the router knows its confederation peers and its non-confederation peers
and the power of Confederations can be realized. The router assigns a role to all
of its BGP peers to be one of the following:

- Confed-eBGP: A peer in a different AS that is a member of the confederation

(in the confederation peers list)
- Confed-iBGP: A peer that is in the same AS as the local router
- eBGP: A peer that is in a different AS that is not a member of the
confederation (not in the confederation peers list)

When the router advertises a path to a Confed-eBGP peer, it places its own local
ASN in the AS_PATH attribute. When the router advertises a path to a confed-iBGP
peer, it doesn’t add the local ASN to the
AS_PATH (just as if it were a normal iBGP peer). When the router advertises a path
to an eBGP peer, it strips out all confederated ASNs and only prepends the
confederation identifier to the AS_PATH attribute.
Stripping out the confederated ASNs and advertising the confederation identifier to
eBGP peers represents the entire Confederation as a single AS to the external peer
even though it is actually a collection of subASes.
In BGP Confederation when you alter BGP attributes like Local Preference which is
propagated to iBGP is actually propagated to all Confed-eBGP, Confed-iBGP.

==================
DMVPN
==================

-> It can be GRE or IPsec

-> MGRE has to be configured and you specify tunnel source but not destination
because it will become point to point.(On the Hub)
-> All Routers should be configured as mGRE tunnel mode.
-> NHRP is the protocol that discovers the destination. When ever you configure
client it will discover the NHRP Server this is called NHRP Registration.
-> OverLay Routing is required. Best suited protocol for DMVPN (Hub & Spoke
Topology) is EIGRP, You can use OSPF or iBGP.