BGP static route from ISP and redistribute into OSPF

Greetings from NYC...

I am testing out a scenario that involves BGP peering but instead of getting a full routing table, i'm going for a default route (not a very high end router). This is actually my first time trying this so please pardon any intro questions.

My test lab is going to be from EXT Router >BGP< CORE Router >OSPF< INTERNAL Router .

At this point i'm able to peer with between EXT and CORE via BGP and have a static route on B that points to the neighbor A's interface. Assuming that this is the way it's configured in the real world i'm able to ping out to the internet. At the same time, from CORE i'm able to ping backwards into INTERNAL's loopback via OSPF.

My goal is to make my INTERNAL ospf network get out to the internet via my BGP network but seems easier said that done because I can't get pass my CORE.

This is what my CORE looks like after a few test scenarios...

interface Loopback0 ip address 10.0.0.2 255.255.255.255 ! interface Loopback1 ip address 2.2.2.2 255.255.255.255

router ospf 200 log-adjacency-changes redistribute bgp 200 subnets network 10.0.0.2 0.0.0.0 area 1 network 10.20.10.2 0.0.0.0 area 1 ! router bgp 200 no synchronization bgp log-neighbor-changes network 2.2.2.2 mask 255.255.255.255 redistribute static neighbor 10.10.10.1 remote-as 100 neighbor 10.10.10.1 route-map as100only in neighbor 10.10.10.1 route-map localorigBGProutestoPeer out no auto-summary ! no ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 10.10.10.1 ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 permit ^100$ ! ! route-map localorigBGProutestoPeer permit 10 match as-path 10 ! route-map as100only permit 10 match as-path 20 !

a few questions...

Do I need to create a bgp default route using the "default-information originate" or just use the default route I have on the router "ip route 0.0.0.0 0.0.0.0 10.10.10.1" ? (like I was trying just now)

What is the proper way to redistribute the correct answer into OSPF so my lan can get out to the internet?

I appreciate any information that would assist me.

Reply to
alejabad
Loading thread data ...

from the CORE router post the output of:

sh version

sh ip bgp

sh ip route

You do not have to redistribute BGP into OSPF and if you are learning default from EXT you should not have to configure a default via a static route

Remove both redistribute commands

Under OSPF routing process, configure default-info originate always

OSPF will advertise a default route to the rest of your network drawing outbound traffic to the CORE router. From there the default learned by BGP will take over

see Cisco docs "How Does OSPF Generate Default Routes?"

formatting link

After you have made these changes, if you are still having issues then post the ouput of the following commands from CORE:

sh version

sh ip bgp

sh ip route

show ip ospf database self-originate

Reply to
Merv

Hi, That worked great! Just to clarify, if I was getting a full bgp routing table, then I would need to create a default route and distribute into ospf? what about from ospf to bgp?

Thanks

Reply to
alejabad

. NEVER redistribute BGP into your interior routing protocol - in this case OSPF

. to announce your routes to your ISP via BGP you would configure "summary routes" ip route < mask> null0

and then announce via BGP network command

Reply to
Merv

If you were receiving full BGProutes, your would still use the OSPF default-info orig always command

The default-info orig always does not require you to already have a default route configured in your router CORE

Reply to
Merv

Merv,

Can't you get away with summarizing in the IGP and then redistributing into BGP so that you don't require the null0 route? Not that it makes much difference, but I think this would work as well, as then bgp would have the exact summary route as its network statement, thus following the standard rule of bgp needing to have the exact same route in an underlying IGP.

Reply to
Trendkill

as long as you have summary routes that do not flap as this is critical when announcing your blocks to upstream provider

"pull-up routes" as they are typically called ( statics cover assigned blocks and pointing to null0) are as a classic way of accomplishing this

Reply to
Merv

Does that rule apply to IBGP as well? Say I add an IBGP link to another CORE that is also connected to my LAN via OSPF and to an EXT router via BGP. How would my LAN learn about my IBGP point to point network in case it needs to route that way?

Reply to
alejabad

Both CORE1 and CORE2 would advertise default to internal network via OSPF default-info orig always. AN IBGP peering would be established between CORE1 and CORE2.

Once outbound traffic arrives at CORE1 or CORE2 which let says both have full BGP routes, then the traffic will be routed based on BGP routes.

The BGP bestpath selection rule needs to be considered as to which route will be selected as best and installed into RIB. This will determine whether EXT1 or EXT2 receives the outbound traffic

You can control whether you want to route a particular prefix to EXT1 or EXT2 based on the setting of local preference for each prefix.

The default local preference is 100 but this can be modified using route-maps.

And lastly you can control to a certain extent whether returntraffic (inbound) arrives via EXT1 or EXT2 by using AS prepend on you block annoucement. Clearly you would need to have more than one block of sufficient size (i.e. you have a /23 so annouce two /24 - one to each ISP) to use this technique

Reply to
Merv

considering the dual router setup, is it common practice to configure the IBGP neighbor with the next hop self command on both CORE's pointing to each other? Also, the IBGP IP's would have to be public IP's correct?

Would there be a problem to just announce the same /23 to both ISP's? the idea would be to configure one /24 between CORE1 and INTERNAL1 and the next /24 betweem the CORE2 and INTERNAL2. I would problably need a static route between the CORE's point to each public /24

Reply to
alejabad

no

the /24s would be configured on both CORE routers as using stait pointing to null0 and advertised via BGP to external ISP and to each other via IBGP

not required

Reply to
Merv

Hey Merv

Great suggestions on the post. One quick question if I may,

Scenario Force all internet traffic out of in this case core 1 which involves forcing core 2 to send via IBGP link. At the same time prepend as path's on core 2 isp so traffic can return via cores 1 isp. If the IBGP link goes down, then core 2 will send traffic to it's isp but since it's prepending AS then traffic won't come back the same way correct? Since the link to isp is not down, all the bgp routers on the internet will still use isp1..? If so, can anything be done via attributes to remove the prepends so traffic can return the same way if IBGP fails?

ED

Reply to
emaldonado70

Having your AS become partitioned is considered bad form so one will prevent this fronm occurring by good design

In this scenario by using multiple physical links between CORE1 and CORE2 and if this is on a high end -modular router y using separate linecards. Then one would configure the IBGP neighbours using directly connnected links addresses instead of using loopbacks as is usually the case for IBGP.

Onemust ensure that once traffic reachs one of the core routers it MUST not folllow a path back to internal routers to reach the other core if was already routed using a BGP route. Otherwise a routing loop will occur.

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.