
Creating iBGP Mesh

Vinayaka Raman
Level 1

MPLS 1 and 2 are running eBGP with the PE routers.

I wanted to extend the BGP to the downstream core\distribution layer. A full mesh between all of them (MPLS 1 and 2, VSS, N7K1 and N7k2).

N7k1 and N7k2 share a VDC.

If I traceroute from MPLS 1 to the MPLS 2 loopback, it routes via the service provider cloud. But I wanted the iBGP neighborship to be through the LAN.

So now, to create an iBGP mesh:

Should I create another loopback on MPLS1 and 2?

An SVI on N7k1, 2 and VSS (all in the same VLAN)

Static routes for BGP to establish neighborship, as I am planning not to advertise this VLAN through the IGP because it routes via the WAN.

Can you give me some tips? Please feel free to query more.

Regards Vinayak

Edison Ortiz
Hall of Fame

You don't need to create another loopback.

If DC1 advertises its loopback to the MPLS Cloud, this prefix should be dropped by DC2 because it contains its own AS.

iBGP means both DCs have the same Autonomous System, right?

I'm assuming you don't have the same AS on both DCs at this moment since your traceroute is taking the MPLS Cloud path -or- you implemented allowas-in?

Right now only eBGP is configured.

On DC1 the config is

router bgp 65457

neighbor dc2_loopback remote-as 65500

On DC2 the config is

router bgp 65457

neighbor dc1_loopback remote-as 65500

Regards Vinayak

A few more questions I have:

For each iBGP neighbor statement on MPLS 1 and 2, I should have next-hop-self?

Should I have next-hop-self elsewhere also?

After the iBGP mesh, will N7k1, N7k2 and VSS see only iBGP routes from MPLS 1 and 2? There will not be any eBGP routes, is that correct?

Regards Vinayak

When doing iBGP, the next-hop-self is a best practice.

N7K1, K2 and VSS will see all BGP routes, that is, eBGP and iBGP learned routes, unless you are filtering them on a per-neighbor basis.

I don't understand your configuration snippet.

router bgp 65457

neighbor dc2_loopback remote-as 65500

on DC2 the config is

router bgp 65457

neighbor dc1_loopback remote-as 65500

How can the remote DC loopback address be in 65500?

Per the configuration, both routers are running 65457.

Is your MPLS Provider doing as-override?

Per your diagram, it looks like you have a physical connection between DCs that doesn't use the MPLS. Use that for your BGP peering and tell the MPLS Provider to remove the as-override. BGP loop prevention will block routes coming from the remote DC and your traceroute will remain internal. You should advertise your loopbacks in OSPF within the iBGP mesh.

Hi Vinayaka,

on DC1 the config is

router bgp 65457

neighbor dc2_loopback remote-as 65500

on DC2 the config is

router bgp 65457

neighbor dc1_loopback remote-as 65500

This doesn't sound right to me. The config should be something like below, assuming you have both routers in the same AS, which is 65457.

DC1 config should be

router bgp 65457

neighbor dc2_loopback remote-as 65457

neighbor dc2_loopback update-source dc1_loopback

neighbor dc2_loopback next-hop-self

DC2 config should be

router bgp 65457

neighbor dc1_loopback remote-as 65457

neighbor dc1_loopback update-source dc2_loopback

neighbor dc1_loopback next-hop-self

Make sure that the loopbacks are reachable to each other via IGP. Ping them from each other to ensure they are reachable with no packet loss, etc.

HTH

Regards

Kishore

Hi vinayaka,

Just wondering how did you go with this? Did you read my post and check the configs?

Regards

Kishore

We have dropped the idea of extending the iBGP mesh towards core\distribution.

Sorry for the late response.

However, the config posted above is not correct. I will post the exact config that was prepared in a while.

Regards Vinayak

We are running eBGP with local as 65457 and remote as 65000

65457 is the local AS for all the CE routers including data centers

65000 is the remote as for all the PE routers including data center

And yes, we have as-override configured at the service provider end.

So the configuration at

MPLS@DC1

router bgp 65457

neighbor remote-as 65000

MPLS@DC2

router bgp 65457

neighbor remote-as 65000

The loopback interfaces of DC1 and 2 are advertised in the BGP.

When I traceroute on DC1, it routes via MPLS.

We had plans to extend the BGP to the core\distribution devices listed in the figure.

So we planned to create

an SVI interface on Nexus 1 and 2 and VSS, all in the same subnet

a loopback on DC1 and one on DC2

static route from DC1 pointing to N7k1 & 2 for reachability

static route from DC2 pointing to N7k1 & 2 for reachability

and define them with neighbor commands and next-hop-self

Regards Vinayak
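
Added example, not part of any post in this thread: a small Python model of the eBGP AS_PATH handling the replies describe, following DC1's loopback prefix to DC2 with the thread's AS numbers (65457 on the CE routers, 65000 on the PE routers). The function names and the simplified as-override and allowas-in logic are assumptions made for illustration.

```python
# Constructed model; function names are illustrative, not from any post.
CE_AS = 65457        # local AS on every CE router, both data centers (from the thread)
PROVIDER_AS = 65000  # AS on the PE routers (from the thread)


def pe_advertise(as_path, neighbor_as, as_override):
    """AS_PATH a PE sends to its CE neighbor over eBGP."""
    if as_override:
        # as-override: replace the neighbor's own AS with the provider AS
        as_path = [PROVIDER_AS if asn == neighbor_as else asn for asn in as_path]
    return [PROVIDER_AS] + as_path  # the provider prepends its AS on eBGP export


def ce_accepts(as_path, local_as, allowas_in=0):
    """eBGP loop prevention on the receiving CE.

    A path containing the local AS is dropped unless allowas-in tolerates
    that many occurrences (0 models the feature being unconfigured).
    """
    return as_path.count(local_as) <= allowas_in


def dc1_loopback_at_dc2(as_override, allowas_in=0):
    """Follow DC1's loopback prefix: DC1 CE -> provider core -> DC2 CE."""
    sent_by_dc1 = [CE_AS]  # DC1 prepends its AS toward its PE
    # iBGP inside the provider core leaves the AS_PATH unchanged
    received = pe_advertise(sent_by_dc1, CE_AS, as_override)
    return received, ce_accepts(received, CE_AS, allowas_in)


if __name__ == "__main__":
    cases = [
        ("as-override on the PE", True, 0),
        ("as-override removed", False, 0),
        ("no as-override, allowas-in 1 on the CE", False, 1),
    ]
    for label, override, allow in cases:
        path, accepted = dc1_loopback_at_dc2(override, allow)
        verdict = "accepted, traffic can follow the MPLS path" if accepted \
            else "dropped by loop prevention"
        print(f"{label}: AS_PATH {path} -> {verdict}")
```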