09-05-2018 12:22 PM - edited 03-05-2019 10:54 AM
Hello, in VIRL I have configured a network that pretty much looks identical and acts just like our prod network. The drawing I have attached pretty much encompasses everything that is in prod and in my configs in VIRL.
So I'm having an issue of confusion of where I should place the default-information originate or network 0.0.0.0/0 or redistribution command in my full iBGP mesh. These cores are peer-linked VPC cores that both need to be able to send all traffic bound to the Datacenter (from the branches) to the firewall, then eventually to the internet. The way this is set up in VIRL, when a branch pops up, the route for that branch natively falls into the WRs' and cores' routing tables because they learn it via BGP... so if I'm on the core and I want to get to a branch it works because the routes are there. The problem is the branches knowing about routes on the cores. So pretty much all branches must go up to the core to be able to do anything. There is nothing attached to the WR1/2 except the cores... so all traffic must go toward the cores to get anywhere. So I'm thinking that since the cores have a static default route to the firewall because most of all traffic is bound that way anyway, why not just have the cores advertise the "network 0.0.0.0/0" so that they advertise the default to the rest of the BGP domain so all branches must follow that default route that way to get to the firewall. I was wondering if anyone could think of a reason of this being a problem.
Example: on core 1, there is a “random router” that talks to the core via EIGRP and the other random router off core 2 doesn't do EIGRP but just has a static route to point back to the core. I’m wondering if I put the network command 0.0.0.0/0 under both cores for the BGP process, would that cause any routing loop problems?
Please let me know if this is confusing and more clarification is needed. Thank you in advance.
09-05-2018 12:47 PM
If I had this setup in VIRL, I would go ahead and test out all the different scenarios I think of. Do some traceroutes to see the traffic path and if I am concerned with loops.
I don't have a lab or test environment but I would start with advertising on cores as you are thinking and see how things work.
09-05-2018 12:52 PM - edited 09-05-2018 12:54 PM
Thank you for the response. I actually did do this and I couldn't find a problem, but unfortunately, I will never be satisfied that easily to expect that because it works in VIRL, this will work in a live network with much more traffic traversal. I will do a lot more testing in the coming nights with it to see if I get any strange routing issues, but so far I have found none. I always like to ask the experts to see if they right off the bat see a flaw.
Oh, and here's the kicker: VIRL does not support peer-linking VPC type configs... I feel like I could not trust the VIRL configs until they fix that bug so I can use VPC and peer-linking. It does not make it realistic enough for me to be convinced.
09-05-2018 12:54 PM
The right approach I guess! :)
09-05-2018 12:54 PM
Thank you, but yes, you are definitely correct and I should've posted that. That's my bad.
09-05-2018 01:05 PM
I don't see this causing an issue. Lab it up though. When in doubt... lab it out.
09-05-2018 01:10 PM
Thank you. I edited my comment later to state that since VPC peer-link is not supported in VIRL, I can't be 100% sure that my configs are fully valid.
09-05-2018 01:11 PM - edited 09-05-2018 01:12 PM
Yes, thank you. But I edited my comment above to let everyone know that since VIRL does not support VPC peer-link, I can't be 100% sure that successful labbing will give me solid results in the prod network.
09-05-2018 03:13 PM - edited 09-05-2018 03:13 PM
Hello,
Am I correct that the branch rtrs connect to the WR rtrs?
Are each of these branches in a different BGP AS?
If so, you could advertise from either WR rtr a default-originate on a per-neighbor basis to each branch, and each branch can then choose which default to accept as its primary path.
09-05-2018 03:51 PM - edited 09-05-2018 03:53 PM
Hello, I am not exactly certain of your question.
So the branches connect back to the datacenter here via the MPLS cloud provided to us by our ISP.
Our WRs/cores are in BGP AS 65425 and we peer up with the ISP routers who are on AS 200. All our branches are also on BGP 65425. Some branches are not BGP enabled, but just have a static route pointing to the ISP router.
So you're saying for me to configure the neighbor x.x.x.x default originate on the 2 WRs pointing to the ISP neighbors. So this just advertises the default route to the 2 ISP neighbors, which in turn brings the traffic back into the DC. That sounds good, but what about from the WRs up to the cores? All traffic must go to the core to get to the firewall and other stuff.
Thank you for your help