BGP Study

jay_7301
Level 1

Hello,

 

I'm reading up on BGP multihoming. So as a customer I will have 2 different ISPs, taking a full routing table from both, terminating on 2 different routers running IBGP between them. I see a lot of talk of the dangers of becoming a transit AS, so somebody using you to get to another destination. How would you stop this from happening? I presume you filter just your internal prefixes to get advertised outbound?? This, as I understand, can only be done outbound, as you can't really filter anything coming in as the full internet table is huge?

 

Any advice would be much appreciated

 

Thanks

11 Replies

Jon Marshall
Hall of Fame

That is exactly what you do ie. only advertise your own public IPs to the BGP peers.

Easiest way to do this is just advertise out prefixes with no AS numbers in the path because those will be your internal networks.

Jon
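Jon's rule above ("only advertise prefixes with no AS numbers in the path"), as an added example that is not code from the thread: a small Python model of a multihomed customer's outbound BGP policy. The AS numbers, prefixes and peer names are constructed for illustration; the point it shows is that routes learned from ISP-A carry foreign AS numbers in their path, so a local-only filter stops them ever being sent to ISP-B, which is what would otherwise make the customer a transit AS.

```python
"""Outbound BGP policy model: advertise only what we originate, so a
multihomed customer AS never becomes transit between its two ISPs.

Added example, not code from the thread. The AS numbers, prefixes and
peer names are constructed for illustration.
"""
import re
from dataclasses import dataclass

LOCAL_AS = 64500                        # constructed: the customer's own AS
OWN_PREFIXES = {"198.51.100.0/24"}      # constructed: the customer's PA block


@dataclass
class Route:
    prefix: str
    as_path: list          # ASes traversed, nearest first; [] = originated by us
    learned_from: str      # "local" or the eBGP peer that sent it


# Constructed BGP table: one prefix we originate plus full-table samples
# learned from each upstream.
RIB = [
    Route("198.51.100.0/24", [], "local"),
    Route("203.0.113.0/24", [64501, 64510], "ISP-A"),
    Route("192.0.2.0/24", [64502, 64520, 64530], "ISP-B"),
]

# Jon's rule: a route with no AS numbers in its path is one of our own.
# Matching the textual AS_PATH against ^$ is what an IOS
# "ip as-path access-list 1 permit ^$" filter-list does.
ORIGINATED_HERE = re.compile(r"^$")


def as_path_text(route):
    """AS_PATH as the space-separated string a regex filter-list sees."""
    return " ".join(str(asn) for asn in route.as_path)


def advertise_unfiltered(rib, peer):
    """No outbound policy: every best path goes to every eBGP peer."""
    return [Route(r.prefix, [LOCAL_AS] + r.as_path, r.learned_from) for r in rib]


def advertise_filtered(rib, peer):
    """Outbound policy: only locally originated routes, with our AS prepended."""
    return [Route(r.prefix, [LOCAL_AS] + r.as_path, r.learned_from)
            for r in rib if ORIGINATED_HERE.match(as_path_text(r))]


def is_transit_leak(update):
    """An UPDATE that carries another AS's route, or a prefix that is not
    ours, would make us a transit path between our upstreams."""
    foreign_as = any(asn != LOCAL_AS for asn in update.as_path)
    return foreign_as or update.prefix not in OWN_PREFIXES


def leaks(updates):
    """Prefixes in an outbound batch that should never have been sent."""
    return [u.prefix for u in updates if is_transit_leak(u)]


if __name__ == "__main__":
    for name, policy in (("no policy", advertise_unfiltered),
                         ("local-only", advertise_filtered)):
        sent = policy(RIB, "ISP-B")
        print(f"{name}: sends {[u.prefix for u in sent]}; leaks {leaks(sent)}")
```

The `leaks` check doubles as a belt-and-braces test: even if the AS-path filter were misconfigured, a prefix-list of your own blocks applied outbound (the second condition in `is_transit_leak`) would still catch a full-table leak. On IOS the two equivalents are `neighbor x.x.x.x filter-list 1 out` with the `^$` as-path access-list, and `neighbor x.x.x.x prefix-list OWN out`.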

Thanks for the response. Makes total sense. One other question. If you have 3 routers in your corp network, 2 with EBGP sessions, and the same 2 routers not directly connected with IBGP neighbours, so it will go via the 3rd router which doesn't speak BGP, just an IGP like OSPF. My course material says this is not a good design as this could blackhole traffic, as for anything learnt by BGP the OSPF-speaking router will not have a route in its routing table and will not be able to forward traffic. So the best thing would be to have a direct link between those 2 routers?

 

Thanks

 

 

Basically yes again to what you say assuming you mean the two routers are peering with IBGP but are not directly connected.

You should not redistribute full internet routing tables into your IGP so in effect if the only path between the IBGP peers is via the 3rd router and if the next hop IPs are on that router it won't work properly.

The L3 next hop bit is important because if it was a L3 switch instead of a router which is a common topology then the same applies but with a switch you have another option.

So for both the router and a L3 switch setup having a direct physical connection using interfaces on each of the BGP routers would work.

With a L3 switch you also have the option of using a common vlan/IP subnet between the two routers' inside interfaces and the L3 switch. So traffic can still be sent direct between the two routers in terms of next hop IPs although it has to go via the switch.

With the common vlan approach it would mean traffic could be sent to one of the BGP routers, its best route to a remote network is via the other IBGP router so it sends it back out the same interface on the common vlan to the other router.

Funnily enough I posted a question about this setup a while back because I didn't like the idea of traffic being sent back out of the same interface it came in on.

I still don't feel entirely comfortable with it but the consensus seemed to be it was not a particularly bad idea as LAN links are much faster than WAN links.

But personally if possible I would use a direct connection between the routers.

Hope that made sense and I haven't confused you more :-)

Jon

So what you are saying is that with a router in place this cannot be done?

Instead you would use a layer 2 or 3 switch? Create both the LAN-facing sides of the routers in the same subnet, maybe a /30, then create a layer 2 path via your switch so it will not see the switch as the next hop?

Just wondering how ISPs get around this situation with multiple IBGP routers; does that mean they have to be directly connected?

Sorry for the slow response, been working today. Thanks for all the above comments, really appreciate it.

 

Thanks.

It can't be done on the 3rd router if the two connections to the BGP routers are using different IP subnets.

Of course you could run IBGP on the 3rd router and then it would pick the best path but I assumed we weren't talking about ISPs.

Some companies do run IBGP internally to do that but again with full internet routing tables it's often not practical.

ISPs have different ways of handling things and obviously MPLS changes things because there is no need to run BGP in the core of the network at all.

It's a big subject and I by no means understand all of it but, MPLS aside for a moment and using your example above ISPs would run IBGP on R3.

There is an IBGP rule about not being able to advertise a route received from an IBGP peer to another IBGP peer which would mean you literally had to connect every router to every other router which clearly doesn't scale well so ISPs make extensive use of route reflectors and confederations which allows them to ensure all routers have the IBGP routes without the need for every router to have a direct connection to every other router.

Like I say it's a big subject and MPLS is different in that there is no requirement to run BGP on the P routers with the core network but you do need to run it on the PEs and route reflectors etc may well be used.

Jon

Thanks Jon, going back to the switch as the next hop instead of the router: if you use an SVI, so layer 3, will the router not see the layer 3 switch as the next hop and black hole traffic as the layer 3 switch will not have a route?

I'm learning more about IBGP so I'm sure over the next few weeks it will become clear to me.

 

Thanks

 

 

No it won't because the SVI and the two router internal interfaces are all in the same vlan/IP subnet so each router will send traffic direct.

It's only a next hop in terms of a physical device not in terms of a L3 next hop.

Jon

Thanks Jon,

I didn't realize; I still thought as an SVI is layer 3 it would have seen that as the next hop and forwarded traffic there, not direct between the routers.

Thanks for the above posts. Great help.

No problem and feel free to come back if you have more queries.

Just to clarify though, although I suspect it is just a terminology thing, an SVI is L3 ie. it is the L3 interface for a vlan, but the routers don't need to use it because they are in the same IP subnet.

They would only need to use it if the L3 switch had other vlans with SVIs and the routers need to send traffic to devices in those vlans.

Jon

Hello

Just like to add to Jon's posting:...

I have been testing something similar in my CCIE studies...

Between internal routers 1-2-3 you could run an IGP for NLRI access, as suggested by Jon (RIP/OSPF/EIGRP), and then put all 3 routers in an IBGP AS peering session.

Then you use a feature called next-hop-self on the two CE routers 1-2 towards each other and the 3rd router (3), which would give that 3rd router its next hop addressing as 1 and 2.

 

Now let's say all routes from R3 point towards R1; you can manipulate this by using the following: the BGP cost extended-community attribute, to specify which route goes via which router.

 

Example:

pick a route(s)

access-list 10 permit 1.1.1.0 0.0.0.255
!
route-map extcost permit 10
 match ip address 10
 set extcommunity cost 1 1
!
route-map extcost permit 99
!
router bgp xxx  (the IBGP AS)
 neighbor x.x.x.x route-map extcost in  (x.x.x.x = router 2)

 

hope this helps

res

Paul
 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
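Jon's blackhole explanation earlier in the thread (the IBGP peers' only path is via an IGP-only R3 that has no route for the Internet destination) and Paul's fix just above (put all three routers in IBGP and use next-hop-self), shown together as an added example that is not code from the thread. It is a small Python forwarding simulation: each router holds a RIB, next hops are resolved recursively the way a router's FIB does, and a packet is walked hop by hop. The topology, interface names and addresses are constructed; R1 and R2 are the edge routers, R3 sits between them, and only R2 has the eBGP path to ISP-B.

```python
"""Why an IGP-only router between two IBGP peers blackholes Internet-bound
traffic, and why adding it to IBGP with next-hop-self on the edge fixes it.

Added example, not code from the thread. Topology and addresses are
constructed: R1 -- R3 -- R2 -- ISP-B, OSPF as the IGP.
"""
import ipaddress

CONNECTED = "connected:"   # RIB value marker: prefix is attached via that interface

# Physical links, constructed: (router, interface) -> neighbouring device
LINKS = {
    ("R1", "Gi0/1"): "R3", ("R3", "Gi0/0"): "R1",
    ("R3", "Gi0/1"): "R2", ("R2", "Gi0/1"): "R3",
    ("R2", "Gi0/0"): "ISP-B",
}
UPSTREAMS = {"ISP-B"}


def lookup(rib, dst, depth=0):
    """Longest-prefix match with recursive next-hop resolution.
    Returns the egress interface, or None if the destination (or the
    next hop it points at) has no route on this router."""
    if depth > 8:
        return None
    addr = ipaddress.ip_address(dst)
    nets = [p for p in rib if addr in ipaddress.ip_network(p)]
    if not nets:
        return None
    nh = rib[max(nets, key=lambda p: ipaddress.ip_network(p).prefixlen)]
    if nh.startswith(CONNECTED):
        return nh[len(CONNECTED):]
    return lookup(rib, nh, depth + 1)


def forward(ribs, start, dst):
    """Walk a packet from `start` towards `dst`; returns (path, outcome)."""
    path, node = [start], start
    for _ in range(8):
        iface = lookup(ribs[node], dst)
        if iface is None:
            return path, f"DROPPED at {node}: no route to {dst}"
        nxt = LINKS[(node, iface)]
        path.append(nxt)
        if nxt in UPSTREAMS:
            return path, f"DELIVERED to {nxt}"
        node = nxt
    return path, "LOOP"


# Scenario A: R3 speaks only OSPF. R2's ISP-B link subnet is in OSPF, so the
# unchanged eBGP next hop is reachable from R1, but R3 has no route for
# the destination itself and drops the packet.
R1_A = {
    "10.0.13.0/30": CONNECTED + "Gi0/1",
    "203.0.113.0/30": "10.0.13.2",        # OSPF: R2's ISP-B link, via R3
    "192.0.2.0/24": "203.0.113.2",        # IBGP from R2, next hop = ISP-B router
}
R3_A = {
    "10.0.13.0/30": CONNECTED + "Gi0/0",
    "10.0.23.0/30": CONNECTED + "Gi0/1",
    "203.0.113.0/30": "10.0.23.2",        # OSPF only; no BGP routes at all
}
R2_A = {
    "10.0.23.0/30": CONNECTED + "Gi0/1",
    "203.0.113.0/30": CONNECTED + "Gi0/0",
    "192.0.2.0/24": "203.0.113.2",        # eBGP from ISP-B
}
SCENARIO_A = {"R1": R1_A, "R3": R3_A, "R2": R2_A}

# Scenario B: R3 joins the IBGP mesh and R2 sets next-hop-self, so the BGP
# next hop is R2's loopback (10.255.0.2, carried in OSPF) on every router.
R1_B = {
    "10.0.13.0/30": CONNECTED + "Gi0/1",
    "10.255.0.2/32": "10.0.13.2",         # OSPF: R2's loopback, via R3
    "192.0.2.0/24": "10.255.0.2",         # IBGP from R2 with next-hop-self
}
R3_B = {
    "10.0.13.0/30": CONNECTED + "Gi0/0",
    "10.0.23.0/30": CONNECTED + "Gi0/1",
    "10.255.0.2/32": "10.0.23.2",
    "192.0.2.0/24": "10.255.0.2",         # R3 now learns it over IBGP too
}
SCENARIO_B = {"R1": R1_B, "R3": R3_B, "R2": R2_A}

if __name__ == "__main__":
    for name, topo in (("A: R3 IGP-only", SCENARIO_A), ("B: R3 in IBGP", SCENARIO_B)):
        print(name, *forward(topo, "R1", "192.0.2.10"))
```

Note what scenario A shows about Jon's point: R1 itself forwards fine, because the eBGP next hop resolves through OSPF, so the failure is invisible on the edge router and only appears as a drop on R3. Next-hop-self alone does not change that; it is R3 having the BGP routes (or a direct link between the edge routers so R3 is never in the path) that removes the blackhole.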

Hello

Have a look at this -


http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23675-27.html

res

Paul



Kind Regards
Paul