What this lab is for
Lab 03 creates a controlled competing-origin case: AS65001 and AS65003 both advertise 203.0.113.0/24, while AS65002 observes both paths.
```
   Network          Next Hop            Path
*> 203.0.113.0/24   10.0.12.1           65001 i
*                   10.0.23.2           65003 i
```
The point is not to call every competing origin an attack. The point is to notice that a BGP table can show multiple origin ASNs for the same prefix without proving which origin is authorized.
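An added example (not part of the lab's own files) that flags prefixes seen with more than one origin ASN in a table of the three-column form shown above. The 198.51.100.0/24 rows and all function names are constructed for illustration; the script reports the observation only and does not decide which origin is authorized.

```python
from collections import defaultdict

# Constructed sample in the three-column form used on this page.
# The 198.51.100.0/24 rows are added for contrast: two paths, one origin.
SAMPLE = """\
   Network          Next Hop            Path
*> 203.0.113.0/24   10.0.12.1           65001 i
*                   10.0.23.2           65003 i
*> 198.51.100.0/24  10.0.12.1           65001 65001 i
*                   10.0.23.2           65003 65001 i
"""

def parse_table(text):
    """Yield (prefix, next_hop, as_path) for each valid route row."""
    current = None
    for line in text.splitlines():
        if not line.startswith("*"):          # header, blank, or not-valid row
            continue
        tokens = line.lstrip("*>= ").split()
        if "/" in tokens[0]:                  # row names its prefix
            current = tokens.pop(0)           # else it inherits the previous one
        next_hop, *path, _origin_code = tokens
        yield current, next_hop, [int(asn) for asn in path]

def origins_by_prefix(text):
    """Map prefix -> {origin ASN: [next hops]}; origin is the last ASN in the path."""
    origins = defaultdict(dict)
    for prefix, next_hop, path in parse_table(text):
        if path:                              # empty path = locally originated
            origins[prefix].setdefault(path[-1], []).append(next_hop)
    return origins

def competing_origins(text):
    """Return {prefix: sorted origin ASNs} where more than one origin is seen."""
    return {p: sorted(o) for p, o in origins_by_prefix(text).items() if len(o) > 1}

if __name__ == "__main__":
    for prefix, asns in competing_origins(SAMPLE).items():
        print(f"{prefix}: origins {asns} (authorization not determined)")
```

Two paths alone do not trigger the flag: the constructed 198.51.100.0/24 rows share origin AS65001, so only 203.0.113.0/24 is reported.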
The experiment
Three routers are enough to make the question concrete. r1 originates the documentation prefix from AS65001, r3 originates the same prefix from AS65003, and r2 compares the resulting paths.
| Router | Role |
|---|---|
| r1 | AS65001, originates 203.0.113.0/24. |
| r2 | AS65002, observes two paths for the same prefix. |
| r3 | AS65003, also originates 203.0.113.0/24. |
Verified result
The verified run captured on 2026-05-09 shows two valid paths on r2. FRRouting selected the AS65001 path as best in that run.
```
Paths: (2 available, best #1, table default)
65001 via 10.0.12.1: valid, external, best (Router ID)
65003 via 10.0.23.2: valid, external
```
203.0.113.0/24 is a documentation prefix. The lab keeps it inside a local environment and does not advertise anything to the public Internet.
Why it matters
A competing-origin observation raises the first route-leak question: seeing a prefix in BGP is not the same as knowing who is allowed to originate it. The next step is RPKI origin validation.
Lesson navigation
Even if the material later extends into RPKI, as a beginner course it first closes out the BGP hands-on at this point.