BGP static route from ISP and redistribute into OSPF

Discussion in 'Cisco' started by alejabad, Mar 19, 2008.

  1. alejabad

    alejabad Guest

    Greetings from NYC...

    I am testing out a scenario that involves BGP peering but instead of
    getting a full routing table, i'm going for a default route (not a
    very high end router). This is actually my first time trying this so
    please pardon any intro questions.

    My test lab is going to be from EXT Router >BGP< CORE Router >OSPF<
    INTERNAL Router .

    At this point i'm able to peer with between EXT and CORE via BGP and
    have a static route on B that points to the neighbor A's interface.
    Assuming that this is the way it's configured in the real world i'm
    able to ping out to the internet. At the same time, from CORE i'm able
    to ping backwards into INTERNAL's loopback via OSPF.

    My goal is to make my INTERNAL ospf network get out to the internet
    via my BGP network but seems easier said that done because I can't get
    pass my CORE.

    This is what my CORE looks like after a few test scenarios...

    interface Loopback0
    ip address 10.0.0.2 255.255.255.255
    !
    interface Loopback1
    ip address 2.2.2.2 255.255.255.255

    router ospf 200
    log-adjacency-changes
    redistribute bgp 200 subnets
    network 10.0.0.2 0.0.0.0 area 1
    network 10.20.10.2 0.0.0.0 area 1
    !
    router bgp 200
    no synchronization
    bgp log-neighbor-changes
    network 2.2.2.2 mask 255.255.255.255
    redistribute static
    neighbor 10.10.10.1 remote-as 100
    neighbor 10.10.10.1 route-map as100only in
    neighbor 10.10.10.1 route-map localorigBGProutestoPeer out
    no auto-summary
    !
    no ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    !
    ip as-path access-list 10 permit ^$
    ip as-path access-list 20 permit ^100$
    !
    !
    route-map localorigBGProutestoPeer permit 10
    match as-path 10
    !
    route-map as100only permit 10
    match as-path 20
    !

    a few questions...

    Do I need to create a bgp default route using the "default-information
    originate" or just use the default route I have on the router "ip
    route 0.0.0.0 0.0.0.0 10.10.10.1" ? (like I was trying just now)

    What is the proper way to redistribute the correct answer into OSPF so
    my lan can get out to the internet?


    I appreciate any information that would assist me.
     
    alejabad, Mar 19, 2008
    #1
    1. Advertisements

  2. alejabad

    Merv Guest

    from the CORE router post the output of:

    sh version

    sh ip bgp

    sh ip route


    You do not have to redistribute BGP into OSPF and if you are learning
    default from EXT you should not have to configure a default via a
    static route

    Remove both redistribute commands

    Under OSPF routing process, configure default-info originate always

    OSPF will advertise a default route to the rest of your network
    drawing outbound traffic
    to the CORE router. From there the default learned by BGP will take
    over


    see Cisco docs "How Does OSPF Generate Default Routes?"

    http://www.cisco.com/warp/public/104/21.html


    After you have made these changes, if you are still having issues
    then post the ouput of the following commands from CORE:

    sh version

    sh ip bgp

    sh ip route

    show ip ospf database self-originate
     
    Merv, Mar 19, 2008
    #2
    1. Advertisements

  3. alejabad

    alejabad Guest

    Hi,
    That worked great! Just to clarify, if I was getting a full bgp
    routing table, then I would need to create a default route and
    distribute into ospf? what about from ospf to bgp?

    Thanks
     
    alejabad, Mar 20, 2008
    #3
  4. alejabad

    Merv Guest


    .. NEVER redistribute BGP into your interior routing protocol - in this
    case OSPF

    .. to announce your routes to your ISP via BGP you would configure
    "summary routes"
    ip route <your block or routes> < mask> null0

    and then announce via BGP network command
     
    Merv, Mar 20, 2008
    #4
  5. alejabad

    Merv Guest

    If you were receiving full BGProutes, your would still use the OSPF
    default-info orig always command

    The default-info orig always does not require you to already have a
    default route configured in your router CORE
     
    Merv, Mar 20, 2008
    #5
  6. alejabad

    Trendkill Guest

    Merv,

    Can't you get away with summarizing in the IGP and then redistributing
    into BGP so that you don't require the null0 route? Not that it makes
    much difference, but I think this would work as well, as then bgp
    would have the exact summary route as its network statement, thus
    following the standard rule of bgp needing to have the exact same
    route in an underlying IGP.
     
    Trendkill, Mar 20, 2008
    #6
  7. alejabad

    Merv Guest

    as long as you have summary routes that do not flap as this is
    critical when announcing your blocks to upstream provider

    "pull-up routes" as they are typically called ( statics cover assigned
    blocks and pointing to null0) are as a classic way of accomplishing
    this
     
    Merv, Mar 20, 2008
    #7
  8. alejabad

    alejabad Guest

    Does that rule apply to IBGP as well? Say I add an IBGP link to
    another CORE that is also connected to my LAN via OSPF and to an EXT
    router via BGP. How would my LAN learn about my IBGP point to point
    network in case it needs to route that way?
     
    alejabad, Mar 20, 2008
    #8
  9. alejabad

    Merv Guest


    Both CORE1 and CORE2 would advertise default to internal network via
    OSPF default-info orig always. AN IBGP peering would be established
    between CORE1 and CORE2.


    Once outbound traffic arrives at CORE1 or CORE2 which let says both
    have full BGP routes, then the traffic will be routed based on BGP
    routes.

    The BGP bestpath selection rule needs to be considered as to which
    route
    will be selected as best and installed into RIB. This will determine
    whether
    EXT1 or EXT2 receives the outbound traffic


    You can control whether you want to route a particular prefix to EXT1
    or EXT2
    based on the setting of local preference for each prefix.

    The default local preference is 100 but this can be modified using
    route-maps.

    And lastly you can control to a certain extent whether returntraffic
    (inbound) arrives via
    EXT1 or EXT2 by using AS prepend on you block annoucement. Clearly you
    would
    need to have more than one block of sufficient size
    (i.e. you have a /23 so annouce two /24 - one to each ISP)
    to use this technique
     
    Merv, Mar 21, 2008
    #9
  10. alejabad

    alejabad Guest

    considering the dual router setup, is it common practice to configure
    the IBGP neighbor with the next hop self command on both CORE's
    pointing to each other? Also, the IBGP IP's would have to be public
    IP's correct?
    Would there be a problem to just announce the same /23 to both ISP's?
    the idea would be to configure one /24 between CORE1 and INTERNAL1 and
    the next /24 betweem the CORE2 and INTERNAL2. I would problably need
    a static route between the CORE's point to each public /24
     
    alejabad, Mar 24, 2008
    #10
  11. alejabad

    Merv Guest

    the /24s would be configured on both CORE routers as using stait
    pointing to null0
    and advertised via BGP to external ISP and to each other via IBGP
    not required
     
    Merv, Mar 25, 2008
    #11
  12. alejabad

    emaldonado70 Guest

    Hey Merv

    Great suggestions on the post.
    One quick question if I may,

    Scenario
    Force all internet traffic out of in this case core 1 which involves
    forcing core 2 to send via IBGP link.
    At the same time prepend as path's on core 2 isp so traffic can return
    via cores 1 isp.
    If the IBGP link goes down, then core 2 will send traffic to it's isp
    but since it's prepending AS then traffic won't come back the same way
    correct? Since the link to isp is not down, all the bgp routers on
    the internet will still use isp1..? If so, can anything be done via
    attributes to remove the prepends so traffic can return the same way
    if IBGP fails?


    ED
     
    emaldonado70, Mar 26, 2008
    #12
  13. alejabad

    Merv Guest

    Having your AS become partitioned is considered bad form so one will
    prevent this fronm occurring by good design

    In this scenario by using multiple physical links between CORE1 and
    CORE2 and if this is on a high end -modular router y using separate
    linecards. Then one would configure the IBGP neighbours using directly
    connnected links addresses instead of using loopbacks as is usually
    the case for IBGP.

    Onemust ensure that once traffic reachs one of the core routers it
    MUST not folllow a path back to internal routers to reach the other
    core if was already routed using a BGP route. Otherwise a routing loop
    will occur.
     
    Merv, Mar 26, 2008
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.