BGP-Help

Anukalp S · ‎10-15-2014

Hi.. I have been facing some issue hence approached you to find solution. I have a CE router running BGP to MPLS service provider. Earlier i was having one mpls circuit to ISP on this CE. Now i have taken another mpls circuit to same provider to make it secondary. Now issue i am facing is that since i am redistributing my ospf lan segments into BGP so these prefixes i am receiving back from secondary peer which is unnecessary. Pls help me how i could stop prefixes from receving back from secondary peer which is being advertised to primary peer and vice versa.

I cannot create access-list or prefix list since there are hundreds of prefixes.

R1#router bgp 65100

neighbour 172.25.1.1 remote-as 3422

neighbour 172.25.1.1 weight 500

neighbour 172.25.1.9 remote-as 3422

redistribute ospf 1 match internal external 1 external 2

router ospf 1

redistribute bgp 65100 subnets

Tagir Temirgaliyev · ‎10-16-2014

you can prevent prefixes originating from bgp as 65100 (originating from your own as)

Anukalp S · ‎10-17-2014

Thanks for help Tagir.. Could you share config example to achieve this.

Pls note that i have others locations connected to this MPLS cloud and those locations also running ASN 65100. So applying your suggestion should not make impact in receiving other locations prefixes.

milan.kulik · ‎10-19-2014

Hi, IMHO, you problem probably is caused by the design where all your sites are using the same AS number 65100. In that case the MPLS provider needs to use neighbor ... as-override command, which replaces your AS number by the provider AS number when advertising the prefixes to you. So the provider treats your site primary and secondary routers as two different sites and advertises the prefixes received from the primary router to the secondary and vice versa. I can see two ways how to overcome this situation: 1) Tag the prefixes advertised from the primary by some BGP community or some special AS number prepended. The secondary router would match the tagged prefixes to deny redistribution to OSPF. Biut this solution would require the provider to keep the tag on the prefixes while advertised to your secondary router. b) You could establish iBGP session between your primary and secondary routers. And configure an incoming route-map on the secondary router to prefer the local prefixes (empty AS_PATH, ^$) received from iBGP over the same prefixes received from eBGP. The iBGP prefixes are not redistributed from BGP to OSPF by default. So I believe b) might be a simple solution to your problem. Best regards, Milan

Anukalp S · ‎10-20-2014

Hi Milan.. I am using single router(CE) which has two circuits(primary & secondary) not two routers as you explained above. So does your above suggestion apply on single CE router too. If yes, could you share config example.

milan.kulik · ‎10-20-2014

Hi,

actually, the easiest way woul dbe to ask your provider to configure SoO attribute on his PEs for you.

See http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htbgpsoo.html#wp1054894

If he refuses, thea ask a question regarding BGP communities: If you add some community when advertising from the primary router, will that be kept with the prefix by the provider and advertised to the secondary router?

If yes, you could match by the community.

You could also use some AS number prepended, but again, would the provider accept a prefix with something more than 65100 within the AS_PATH?

Last chance:

If nothing above is possible, you could conbfigure the AD for OSPF on your router to be better than teh eBGP AD (20 by default).

In that case even if the primary line fails and you would receieve your own prefix from the secondary line via eBGP, the same prefix received from OSPF would beat it.

Best regards,

Milan