09-11-2012 12:03 AM - edited 03-04-2019 05:32 PM
Hi folks,
Please see the attachment for the network diagram.
Sorry, I am lacking experience in BGP and now I am trying to figure out what should be the ideal and recommended design.
Hope you guys can help and advise... thanks
Scenario:
- Having two Internet Service Providers with two ASNs
- Having one independent IPv4 public address
- Having two Internet Cisco routers, e.g. 2811
- Having two Cisco ASA firewalls, e.g. 5510
09-11-2012 01:13 AM
Hello Alex,
a good starting point is given by the following document
You need an iBGP session between your two border routers and a way to provide a default gateway to internal network.
One possible way is to use HSRP to provide a next-hop to the ASA pair as explained in the document above.
Another possible option is to use an IGP (EIGRP or OSPF) to generate a default route in the IGP from the border routers and to have it propagated via the ASA to the internal network to other network devices (this means running the IGP also on the ASA pair).
Also consider for the BGP multihoming part the following doc that shows the various options (internet full table, only default route or default route + selected routes)
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml
Hope to help
Giuseppe
09-11-2012 10:11 AM
Hi Giuseppe,
Thanks for your reply, option one looks good.
I tried using GNS to simulate this and below is the configuration on my Internet Router.
I configured the ISP A and ISP B routers to only propagate a default route to my Internet Routers (Router A & Router B).
So from my router, I only received the default route.
On top of that, I configured HSRP on my router and a static route through the independent IPv4 to Cisco ASA.
And I configured a default route from Cisco ASA to the HSRP VIP.
Do you think my config is correct? Is there anything I can fine-tune?
Router A
interface FastEthernet1/0
 ip address 80.0.0.2 255.255.255.240
 duplex auto
 speed auto
 standby 1 ip 80.0.0.1
 standby 1 priority 110
 standby 1 preempt delay minimum 60
 standby 1 track Serial0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 40.0.0.0 mask 255.255.255.0
 neighbor 100.1.1.1 remote-as 8001
 neighbor 80.0.0.3 remote-as 65001
 neighbor 80.0.0.3 next-hop-self
 no auto-summary
!
ip route 40.0.0.0 255.255.255.0 80.0.0.5
RouterB
interface FastEthernet1/0
 ip address 80.0.0.3 255.255.255.240
 duplex auto
 speed auto
 standby 1 ip 80.0.0.1
 standby 1 preempt
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 40.0.0.0 mask 255.255.255.0
 neighbor 200.1.1.1 remote-as 9001
 neighbor 80.0.0.2 remote-as 65001
 neighbor 80.0.0.2 next-hop-self
 no auto-summary
!
ip route 40.0.0.0 255.255.255.0 80.0.0.5
09-13-2012 02:29 AM
Hello Alex,
your configuration template is correct.
I would just add a route-map to accept only the default route from providers on the eBGP sessions.
ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
route-map INTERNET-IN permit 10
 match ip address prefix-list ONLY-DEFAULT
router bgp 65001
 neigh
Hope to help
Giuseppe
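The inbound filter suggested in the reply above (accept only 0.0.0.0/0 on the eBGP sessions) can be checked against a saved configuration. This is an added example, not code from the thread: the function name `audit` is hypothetical, and the `neighbor 100.1.1.1 route-map INTERNET-IN in` line in the constructed sample is an assumption, because the reply is cut off before the route-map is applied to a neighbor.

```python
# Constructed sample based on Router A. The "neighbor ... route-map ... in"
# line is an assumption; the thread is cut off before showing it.
FILTERED = """\
ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
route-map INTERNET-IN permit 10
 match ip address prefix-list ONLY-DEFAULT
router bgp 65001
 neighbor 100.1.1.1 remote-as 8001
 neighbor 100.1.1.1 route-map INTERNET-IN in
 neighbor 80.0.0.3 remote-as 65001
"""
# Same config with the inbound filter line missing from the eBGP neighbor.
UNFILTERED = "\n".join(l for l in FILTERED.splitlines() if not l.endswith(" in"))
DEFAULT_ONLY = [["permit", "0.0.0.0/0"]]

def audit(config):
    """Map each eBGP neighbor to a finding if it can accept more than 0.0.0.0/0."""
    local_as, remote_as, inbound, prefix_lists, route_maps, clause = None, {}, {}, {}, {}, None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[:2] == ["router", "bgp"]:
            local_as = w[2]
        elif w[0] == "neighbor" and w[2] == "remote-as":
            remote_as[w[1]] = w[3]
        elif w[0] == "neighbor" and w[2] == "route-map" and w[-1] == "in":
            inbound[w[1]] = w[3]
        elif w[:2] == ["ip", "prefix-list"]:
            entry = w[5:] if w[3] == "seq" else w[3:]   # drop optional "seq N"
            prefix_lists.setdefault(w[2], []).append(entry)
        elif w[0] == "route-map":                       # starts a new clause
            clause = [w[2], []]                         # [action, prefix-lists]
            route_maps.setdefault(w[1], []).append(clause)
        elif w[:4] == ["match", "ip", "address", "prefix-list"] and clause:
            clause[1] += w[4:]
    findings = {}
    for peer, asn in remote_as.items():
        name = inbound.get(peer)
        if asn == local_as:                             # iBGP peer, not a provider
            continue
        if name not in route_maps:
            findings[peer] = "no inbound route-map applied or defined"
        elif any(action == "permit" and (not lists or any(
                prefix_lists.get(p) != DEFAULT_ONLY for p in lists))
                for action, lists in route_maps[name]):
            findings[peer] = f"route-map {name} permits more than the default route"
    return findings

if __name__ == "__main__":
    for label, cfg in (("filtered", FILTERED), ("unfiltered", UNFILTERED)):
        print(label, audit(cfg) or "eBGP inbound limited to 0.0.0.0/0")
```

The check is deliberately strict: a prefix-list with anything other than the single entry `permit 0.0.0.0/0` (for example one widened with `le 32`) is reported.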