Conditional default-originate route-map

csthomas
Level 1

I'm sure this is a FAQ, but I've been unable to find anything posted.

I have two routers (r1 & r2) in a private AS. My ISP provides two routers (pe1 & pe2) in his public AS. R1 has a link (10gb pp ethernet) to pe1, and similarly r2 a link to pe2. I run eBGP on each ISP link, and iBGP on my link between r1 and r2. My ISP sends me a default route on each link. This works fine when everything is up.

If one of my links to my ISP is down, I want the traffic on that router to flow to my other router and out that ISP link. Eg, if r1 <-> pe1 is down, use r1 <-> r2 <-> pe2, and vice versa. In essence, I want to do a conditional originate-default on the iBGP link, with the condition being that the originating iBGP in fact is getting a default route from its ISP router. (I am not particularly concerned about load balancing at this point.)

My problem is I have not figured out how to specify the condition. In addition to the default route, I also get some /16s from my ISP. If I use a route-map with a match on one of the /16s, I can't tell whether that /16 is coming from say r1 directly, or r2 over the iBGP link. Is there a way to write a route-map to say match only if the route is from the directly attached ISP router?

I don't want to test just for interface up/down, as it's possible to have an interface up but no BGP link. I thought about just using low-priority static defaults on r1/r2 which would get overridden by the ISP default when the BGP link is operational, but in the case that both pe1 and pe2 are down, then I wind up with dueling static routes (ie, a loop).

Any suggestions appreciated!

Chris Thomas, network engr, UCLA

7 Replies

Giuseppe Larosa
Hall of Fame

Hello Chris,

I think you should simply let the iBGP session carry the default route:

when r1-pe1 is down R1 can use the default route on the iBGP session from R2 that can propagate the route received by PE2.

use neighbor weight for PE1 ip address command to allow for a successful restore.

R1:

neighbor pe1-address weight 500

R2:

neighbor pe2-address weight 500

eventually change the route filter on the iBGP session to allow the default route.

Hope to help

Giuseppe

Giuseppe,

That's exactly what I want to do: pass the default I get from my ISP over the iBGP link to my other router. However, I don't know how to accomplish this.

As far as I know, BGP won't redistribute a default route. The only way to accomplish this is "neighbor xxx default-originate". But this advertises a default unconditionally. One can make default-originate conditional only by using a route map. (Default-originate isn't subject to normal out filters, for example.)

/Chris

An ugly way to solve my problem would be to get a full route table from my ISP instead of the default route, but this seems overkill for what I want to accomplish.

Hello Chris,

>> BGP won't redistribute a default route

yes but once a default route is in the BGP table it should be treated as any other prefix and passed to other neighbors

propagation of a received BGP route is not a form of redistribution. I'm out of office now but tomorrow I can check in our DMZ.

I remember the most difficult part is to have a router to inject a default route in BGP.

But once it is on the table it is propagated as any other BGP route

As a safe step you could even use

router bgp xx

network 0.0.0.0 backdoor

Hope to help

Giuseppe

Hmm, I haven't tried adding a "network 0.0.0.0" to my iBGP and seeing if that will propagate if the ISP link is up. I'll try that. And thanks for the 'backdoor' hint.

By the way, in case it matters, r1 is a c6509/720 with 12.2(33)SXI, and r2 is a Nexus 7000 with NX 4.1(3).

Formerly, there was only r1, with both ISP links landing there. That made the BGP part so much simpler...

Giuseppe,

Adding a network 0.0.0.0 (and removing the default-originate) seems to do exactly what I need. I need to wait until scheduled test-time so I can actually down the interfaces and verify, but it looks fine.

Thanks!!

/Chris Thomas, UCLA

lamav
Level 8

Chris:

R1 and R2 are going to learn two default routes, one from the eBGP neighbor, the ISP, and the other from its iBGP neighbor. There's no configuration necessary for that. Nor do any conditions need to be set.

For example, R1 has 2 default routes in its BGP table, but it puts the one learned from its eBGP neighbor in the routing table, assuming all things equal. If its connection to the ISP fails, it will automatically place the iBGP-learned default route in its routing table. No condition needs to be set because if it weren't for the fact that R2 is still learning the default from its ISP, it wouldn't be advertising it to R1 and R1 wouldn't have it in its BGP/route table in the first place.

Does this address your concern regarding the default routes?

I'm not sure I understand the requirements regarding the /16s. What are they?
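
The failover behaviour discussed in this thread, as an added example that is not part of any poster's reply: a toy Python model of the r1/r2/pe1/pe2 topology that compares the BGP-learned default with the floating-static fallback from the original question. It assumes all other path attributes are equal and models only two rules: eBGP-learned paths beat iBGP-learned ones, and an iBGP-learned path is not re-advertised to another iBGP peer. The function names are hypothetical.

```python
# Added illustration: toy model of the thread's topology, not router code.
ISP_LINK = {"r1": "pe1", "r2": "pe2"}   # eBGP neighbor of each router
IBGP_PEER = {"r1": "r2", "r2": "r1"}    # the single iBGP session

def default_routes(ebgp_up):
    """ebgp_up: {"r1": bool, "r2": bool}, state of each eBGP session.
    Returns {router: (next_hop, source) or None} for the 0.0.0.0/0 best path."""
    # The eBGP-learned default exists only while that session is up.
    ebgp = {r: (ISP_LINK[r], "eBGP") if ebgp_up[r] else None for r in ISP_LINK}
    best = {}
    for r in ISP_LINK:
        if ebgp[r]:
            best[r] = ebgp[r]           # eBGP preferred over iBGP
        else:
            peer = IBGP_PEER[r]
            # The peer advertises a default over iBGP only when its own best
            # path is eBGP-learned (no iBGP-to-iBGP re-advertisement).
            best[r] = (peer, "iBGP") if ebgp[peer] else None
    return best

def static_fallback(ebgp_up):
    """Floating-static alternative from the question: a router without its
    ISP default points a low-priority static default at the other router."""
    return {r: (ISP_LINK[r] if ebgp_up[r] else IBGP_PEER[r]) for r in ISP_LINK}

def has_loop(next_hops):
    """True if r1 and r2 forward default traffic to each other."""
    return next_hops["r1"] == "r2" and next_hops["r2"] == "r1"

if __name__ == "__main__":
    # Constructed scenarios: both up, r1's ISP session down, both down.
    for state in ({"r1": True, "r2": True},
                  {"r1": False, "r2": True},
                  {"r1": False, "r2": False}):
        print(state, default_routes(state),
              "static loop:", has_loop(static_fallback(state)))
```

With both ISP sessions down, the BGP model leaves neither router with a default, while the static fallback has r1 and r2 pointing at each other.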
