Re: Redist. OSPF into BGP -- matching and prepending



Hello Charlie,

"Christopher Heer" <frog@xxxxxxxx> wrote in message
news:2168986d100c8c819623d328e4c@xxxxxxxxxxxxxxx

Customer has two locations; let's call them 10 Main St. and 20 Main
St. Customer has its own OSPF network which connects the two.

I have an MPLS network and am providing WAN connectivity to
customer's many locations (not just those two). I use eBGP on the
WAN.

are you really sure of that? it's quite typical that MPLS routers
speak iBGP to each other, except if your network is large and you have
confederation borders, then you run eBGP at the border, but still iBGP
within sub-AS.

100% certain. All CE routers in our MPLS network run using a private AS (same on all in a region, but we have ASN override configured at the PERs so that one CE can see the routes originated by another) and the core runs a public AS. Config snippets below.

Customer is tagging the routes with, let us say, "10" if they
originate from 10 Main St and "20" if they originate from 20 Main St.
What I want to do is advertise both sites of routes out of both
locations, but do it in such

it's a bit confusing. if routes belong to 10 Main St., then why should
20 Main St. advertise them. Is there some backdoor link between these
locations that doesn't go via your MPLS cloud?

Exactly. So the idea is, we want the WAN link for 10 Main to be the preferred path for "10" routes and 20 Main to be the preferred route for "20" routes, but if either link goes down we want failover.

a way that the 10 routes are preferred out of 10 and the 20 routes
are preferred out of 20. I also want to filter them inbound from the
WAN -- in other words, I never want my CE router at 10 to learn any
routes that 20 is advertising out, and vice versa.

what should each CE learn then, only default?

From the WAN, each CE should learn about other remote locations. But the
10 Main router shouldn't learn routes from 20 Main, and vice versa.

My initial thought was that I would prepend a private AS to the
routes advertised out, and filter that private AS inbound (to avoid
the looping), and set MEDs outbound such that 10 routes advertised
out of 10 would have a MED of 100, 20 routes advertised out of 10
would have a MED of 200, 10 routes advertised out of 20 would have a
MED of 200, and 20 routes advertised out of 20 would have a MED of
100. I tried this using an outbound route-map on my BGP neighbor
statements, but evidently you cannot match tags on an outbound BGP
route-map.

if you indeed use confederations and try to prepend AS corresponding
to one of the confederations, then it won't work as path along
sub-AS's still considered as single AS (so they're equal).

We're not using confederations, so I would expect the prepending to work. But I'm clearly missing something.

I have
found that mapping tags to local-pref and community works very
reliably; it's also very flexible to support virtually any IGP as long
as it allows piggybacking tags to route advertisements. If you want to
go down this road, then you need at least two tags and two communities
that correspond to local-pref smaller than 100 and greater than 100.
You construct a route-map for redistributing from your IGP to BGP to
match tag and set both community and local-pref (community is
necessary if you want to match these routes at the other end when
they're redistributed back from BGP into some IGP). Next you need a
route-map for performing reverse redistribution from BGP to IGP.

This might be feasible, although looking at the configs the customer appears to be setting community values for some other purpose I have yet to identify. So I shall have to tread carefully.

No complaints from the router...but the prepending doesn't actually
seem to be working at all. Now I get routes looping (in other words,
at 20 Main I learn some "10" routes which I advertise out to the WAN,
and 10 Main is picking those up via eBGP and ignoring the OSPF routes
altogether) due to a route race condition. If I go to a third
location and do a "show ip bgp" on any of the routes, the private AS
isn't in the AS path at all.

I'm really curious how does eBGP come here as usually PE run iBGP. If
you provide a bit more details on what you are trying to achieve
(including ASCII network diagram and rough addressing plan), I might
be able to help. PE-CE routing solutions that I've designed for our
network are quite flexible to address most common scenarios, so we can
try to match it to your problem.

OK, diagram (apologies -- used to Visio!):

      /----\       /----\
     -|cust|--LAN--| 20 | --DS3--\
    / |rtr | OSPF  \----/  eBGP    \
   |  \----/               ASN       \
[ Back ]                  65400        \
[ Door ]                            /-------\
[ Link ]                            | MPLS  |
   |                                |  ASN  |
   |                                |  100  |
    \ /----\       /----\           \-------/
     -|cust|--LAN--| 10 | --DS3--/           \
      |rtr | OSPF  \----/  eBGP                \
      \----/               ASN                   \--[ other remote sites ]
                          65400

10 and 20 are my CERs. For the sake of argument, let's assume the following IP addresses:

Cust LAN at 10: 192.168.1.1/30
CER LAN at 10: 192.168.1.2/30
CER WAN at 10: 172.16.1.2/30
PER WAN at 10: 172.16.1.1/30

Cust LAN at 20: 192.168.1.5/30
CER LAN at 20: 192.168.1.6/30
CER WAN at 20: 172.16.1.6/30
PER WAN at 20: 172.16.1.5/30

CER Config at 10:

router ospf 1
network 192.168.1.0 0.0.0.3 area 0
redistribute bgp 65400 metric 500 metric-type 1 subnets route-map bgp2ospf

router bgp 65400
network 192.168.1.0 mask 255.255.255.252
network 172.16.1.0 mask 255.255.255.252
redistribute ospf 1 match internal external 1 external 2
neighbor 172.16.1.1 remote-as 100
neighbor 172.16.1.1 soft-reconfiguration inbound
neighbor 172.16.1.1 filter-list 1 in

ip as-path access-list 1 deny _65450_
ip as-path access-list 1 permit .*

route-map ospf2bgp permit 10
match tag 20
set as-path prepend 65450 65450

route-map ospf2bgp permit 20
match tag 10
set as-path prepend 65450

CER Config at 20:

router ospf 1
network 192.168.1.4 0.0.0.3 area 0
redistribute bgp 65400 metric 500 metric-type 1 subnets route-map bgp2ospf

router bgp 65400
network 192.168.1.4 mask 255.255.255.252
network 172.16.1.4 mask 255.255.255.252
redistribute ospf 1 match internal external 1 external 2
neighbor 172.16.1.5 remote-as 100
neighbor 172.16.1.5 soft-reconfiguration inbound
neighbor 172.16.1.5 filter-list 1 in

ip as-path access-list 1 deny _65450_
ip as-path access-list 1 permit .*

route-map ospf2bgp permit 10
match tag 10
set as-path prepend 65450 65450

route-map ospf2bgp permit 20
match tag 20
set as-path prepend 65450

Sure seems like it ought to work to me...

--me
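
Added example, not part of the original post or the poster's configuration: a Python model of `ip as-path access-list 1` as applied by `filter-list 1 in`, run over constructed AS paths. The `_` translation follows IOS AS-path regex semantics; the sample paths assume the PER's AS override rewrites 65400 to 100, and show that a sibling-site route arriving without the 65450 marker is indistinguishable from any other WAN route and passes the filter.

```python
import re

# In IOS AS-path regexes "_" matches start of string, end of string,
# a space, a comma, braces or parentheses.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_regex(pattern):
    """Translate the IOS '_' metacharacter into a Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))


# Mirrors the posted list:
#   ip as-path access-list 1 deny _65450_
#   ip as-path access-list 1 permit .*
AS_PATH_ACL_1 = [
    ("deny", ios_regex("_65450_")),
    ("permit", ios_regex(".*")),
]


def filter_list_in(as_path, acl=AS_PATH_ACL_1):
    """Return True if a route with this AS path is accepted.

    Entries are evaluated top-down, first match wins, and a path that
    matches no entry is dropped (implicit deny).
    """
    for action, rx in acl:
        if rx.search(as_path):
            return action == "permit"
    return False


# Constructed AS paths as a CER could receive them from its PER (AS 100).
# They are illustrative only, not captured from a router.
SAMPLES = {
    "other remote site": "100 100",
    "sibling site, marker prepended once": "100 100 65450",
    "sibling site, marker prepended twice": "100 100 65450 65450",
    "sibling site, marker missing": "100 100",
    "look-alike ASN, must not match": "100 165450",
}


def classify(samples=SAMPLES):
    """Map each sample description to 'accept' or 'drop'."""
    return {name: "accept" if filter_list_in(path) else "drop"
            for name, path in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{verdict:6}  {SAMPLES[name]:22}  {name}")
```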