
MPLS - Default Route Advertisement

jamie.honeycutt
Level 1

Hi,

We're in the process of moving a large portion of our network to MPLS from GRE/IPSEC VPN. As it stands, I have a 7206 that has about 130 VPN tunnels terminating in it running EIGRP. I just installed a full DS3 terminating in this router and enabled BGP to our ISP. My question is what would be the best way to advertise a default route to my MPLS sites. All sites will gain Internet access from our hub DS3 site. Since our hub router is a VPN router connected directly to the Internet, I've set up policy routing to send traffic over to our firewall that is not within the range of our internal network (VPN router will have all of our network routes in its routing table). Is this the most efficient way of doing it? As to my original question, I was thinking I could set my BGP network statement to net 0.0.0.0 mask 0.0.0.0 and BGP would handle the rest since I have a static default route pointing to our upstream Internet routers. Once traffic arrives at our router from the MPLS network, it will be passed by normal routing to the correct network and anything that doesn't match that will be pushed to our firewalls. I am dumping BGP routes into EIGRP but not vice versa (minimize routes in the MPLS VPN) since this is a hub router for MPLS. The default route will be filtered out of my redistribution b/c it doesn't match my bgp-to-eigrp route-map. Sound right? Is there a better way to do it I'm missing?

Here is a portion of the config:

route-map bgp-to-eigrp permit 10
 match ip address 50
!
route-map MPLS-to-Internet permit 10
 match ip address 100
 set ip next-hop 10.X.X.3 (firewall)
access-list 50 permit 10.0.0.0 0.255.255.255
access-list 50 permit 12.0.0.0 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
router eigrp 1
 redistribute bgp XXXX1 route-map bgp-to-eigrp
 passive-interface Serial1/0 (my MPLS DS3 interface)
 network 10.0.0.0
 network 12.X.X.X 0.0.0.3
 default-metric 10000 100 255 1 1500
 no auto-summary
!
router bgp XXXX1
 no synchronization
 bgp log-neighbor-changes
 network 0.0.0.0 mask 0.0.0.0 (this is my plan)
 neighbor 12.X.X.X remote-as 7018
 no auto-summary
ip route 0.0.0.0 0.0.0.0 X.X.X.1 (bypasses firewall)

Thanks,

Jamie
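
An added example, not part of the original post: a Python model of Cisco wildcard-mask matching that evaluates access-list 50 and access-list 100 from the config above, to check which prefixes the bgp-to-eigrp route-map redistributes and which packets the MPLS-to-Internet policy route sends to the firewall. The function names and sample addresses are constructed for illustration, and it assumes a packet the ACL denies is forwarded by the normal routing table.

```python
import ipaddress

FIREWALL = "10.X.X.3 (firewall)"  # redacted next hop, copied from the post

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
TEN = ("10.0.0.0", "0.255.255.255")

# access-list 50 (standard): compared against the route's network address.
ACL_50 = [("permit", TEN), ("permit", ("12.0.0.0", "0.255.255.255"))]
# access-list 100 (extended): (action, source, destination).
ACL_100 = [("deny", TEN, TEN), ("permit", TEN, ANY)]

def acl50_permits(prefix):
    """True if route-map bgp-to-eigrp would redistribute this prefix."""
    for action, (base, wc) in ACL_50:
        if wc_match(prefix, base, wc):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def pbr_next_hop(src, dst):
    """Next hop set by MPLS-to-Internet, or None when normally routed."""
    for action, (sb, sw), (db, dw) in ACL_100:
        if wc_match(src, sb, sw) and wc_match(dst, db, dw):
            return FIREWALL if action == "permit" else None
    return None  # implicit deny: the packet is not policy-routed

def report():
    # Constructed sample flows (source, destination); not from the post.
    flows = [("10.20.1.5", "10.30.1.9"),     # internal to internal
             ("10.20.1.5", "198.51.100.7"),  # internal to Internet
             ("12.1.1.2", "198.51.100.7")]   # source outside 10/8
    return [(s, d, pbr_next_hop(s, d) or "routing table") for s, d in flows]

if __name__ == "__main__":
    for prefix in ("0.0.0.0", "10.20.0.0", "12.1.1.0"):  # constructed prefixes
        state = "redistributed" if acl50_permits(prefix) else "filtered"
        print(f"{prefix:<12} {state}")
    for src, dst, hop in report():
        print(f"{src:<12} -> {dst:<14} {hop}")
```

The third flow shows that a source outside 10.0.0.0/8 never matches access-list 100, so it follows the routing table, where the post's static default is annotated "(bypasses firewall)".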

2 Replies

mohammedmahmoud
Level 11

Hi Jamie,

Nice design and planning :)

Generally, a default route can be originated from a BGP neighbor in 3 ways:

1. default-information originate + redistribute static (or any dynamic routing protocol having the default route - you may filter only the default route)

2. network command but must make sure the default route is present in the routing table

3. Another way of advertising a default route to a specific BGP neighbor is by issuing the neighbor default-originate command. This method does not require the presence of the 0.0.0.0/0 network in the routing table of the advertising router.

The configuration of the default-information originate command in BGP is similar to the configuration of the network (BGP) command. The default-information originate command, however, requires explicit redistribution of the route 0.0.0.0. The network command requires only that the route 0.0.0.0 is present in the Interior Gateway Protocol (IGP) routing table. For this reason, the network command is preferred.

NOTE If you are using the "default-information originate" the default route must be in the routing table, but if using the "default-originate" in front of a neighbor the default route doesn't need to be in the routing table.

NOTE The only purpose of the "default-information originate" command in BGP is to allow the redistribution of the default route in BGP. The "neighbor default-originate" command on the other hand, does advertise the default route to the specific neighbor whether it is present in BGP or not.

NOTE The default route generated via the default-originate command is kind of considered a special case and is therefore not submitted to the outbound route-map. You have two options if you want to prepend the default route.

HTH, please rate all helpful replies,

Mohammed Mahmoud.

Mohammed,

Thanks for your help and the compliment.

I called TAC and ran it by them too. I'm going with option 2 which was also recommended by TAC.

-Jamie