Hi @Giuseppe Larosa,

I am not using MPLS or any VPN.

I am using BGP between PE-PE and PE-CE. In LAN, I am using OSPF and have redistributed from OSPF to BGP to advertise my LAN routes and redistributed from BGP to OSPF at CE itself. This is working fine but the problem is when I use the default route from R1 to R4 and I want to make this link as primary.

Please suggest what can I do here to make this link R1-R4 as primary for outbound traffic. 

Thanks,

Rinam Shah

Hello @Rinam Shah ,

PE and CE usually refers to MPLS L3 VPN for this reason I thought about it.

>> Please suggest what can I do here to make this link R1-R4 as primary for outbound traffic. 

Use an eBGP session between R1 and R4

on R1 make the peer local preference increased from standard value 100 using neighbor 14.0.0.4 local-preference 200 under router bgp in R1.

Have an iBGP session between R1 and R2

Redistribute eBGP into OSPF in R1 . Have R2 to just generate a default route in OSPF (do not distribute eBGP to OSPF in R2)

The same suggestions I have provided in my previous post are stil valid as the changes are on the "CE" side I have added some more actions

Hope to help

Giuseppe

Hi @Giuseppe Larosa,

I want to use only default route between R1 and R4 and make this link as primary so that in case of link down, it can instantly failover to BGP secondary link. 

I do not want to run dynamic protocol at between R1 and R4. Also, I want to make it as primary link.

Hello @Rinam Shah ,

>> I want to use only default route between R1 and R4 and make this link as primary so that in case of link down, it can instantly failover to BGP secondary link. 

on R2 you need to remove the redistrbution of eBGP into OSPF.

Both R1 and R2 will generate a default-route in OSPF but R1 will use a lower seed metric

R1:

ip prefix-list DEFAULT permit 0.0.0.0/0

access-list 11 remark check next-hop

access-list 11 permit host 14.0.0.4

route-map DEF-CHECK_NHOP permit 10

match address prefix DEFAULT

match next-hop 11

set metric type 1

set metric 50

router ospf 100

network 0.0.0.0 255.255.255.255 area 0

default-information originate route-map DEF-CHECK_NHOP

on R2:

route-map DEF-CHECK_NHOP permit 10

set metric type 1

set metric 5000

router ospf 100

no redistribute bgp 100 subnets

default-information originate DEF-CHECK_NHOP

Please note that R1 needs to speak OSPF with R3 otherwise there is no real solution. Also R4 needs to send a default route in eBGP to R2.

For the lower seed metric R1 will become the preferred exit point from the multihomed site if the link between R1 and R4 fails the static route is removed and the secondary default route generated by R2 with an higher seed metric will kick off.

Hope to help

Giuseppe

Hi @Giuseppe Larosa,

I made the changes as you mentioned and I am able to ping R7 from R3 with primary link as R1-R4. But when I shut the R2's WAN interface Gi0/0, I am not able to reach R7.

Please find the below topology and config along with the output when the R2 interface is shut.

Output:

Gateway of last resort is 10.0.13.2 to network 0.0.0.0

3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/121] via 10.0.13.2, 01:09:53, GigabitEthernet0/0
7.0.0.0/32 is subnetted, 1 subnets
S 7.7.7.7 is directly connected, GigabitEthernet1/0
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.13.0 is directly connected, GigabitEthernet0/0
O 10.0.23.0 [110/240] via 10.0.13.2, 01:09:53, GigabitEthernet0/0
14.0.0.0/30 is subnetted, 1 subnets
C 14.0.0.0 is directly connected, GigabitEthernet1/0
O*E1 0.0.0.0/0 [110/5240] via 10.0.13.2, 00:21:24, GigabitEthernet0/0
Router(config)#do ping 7.7.7.7 so g1/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 14.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/84/100 ms
Router(config)#do ping 7.7.7.7 so g0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 10.0.13.1
.....
Success rate is 0 percent (0/5)

Config:

*******

R3:
***
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf network point-to-point
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
ip address 10.0.13.2 255.255.255.252
ip ospf cost 100
ip ospf 100 area 0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 10.0.23.2 255.255.255.252
ip ospf cost 120
ip ospf 100 area 0
negotiation auto
!
router ospf 100
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
!
end

R1:
***
!
interface GigabitEthernet0/0
ip address 10.0.13.1 255.255.255.252
ip ospf cost 120
ip ospf 100 area 0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 14.0.0.1 255.255.255.252
negotiation auto
!
router ospf 100
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
default-information originate route-map DEF-CHECK_NHOP
!
ip forward-protocol nd
ip route 7.7.7.7 255.255.255.255 GigabitEthernet1/0
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map DEF-CHECK_NHOP permit 10
match ip address prefix-list DEFAULT
set metric 50
set metric-type type-1
!
end

R2:
***
!
!
interface GigabitEthernet0/0
ip address 24.0.0.1 255.255.255.252
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 10.0.23.1 255.255.255.252
ip ospf 100 area 0
negotiation auto
!
router ospf 100
log-adjacency-changes
redistribute bgp 100
default-information originate route-map DEF-CHECK_NHOP
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 24.0.0.0 mask 255.255.255.252
redistribute connected
redistribute ospf 100
neighbor 24.0.0.2 remote-as 4755
no auto-summary
!
route-map DEF-CHECK_NHOP permit 10
set metric 5000
set metric-type type-1
!
end

R4:
***
!
interface GigabitEthernet0/0
ip address 24.0.0.2 255.255.255.252
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 14.0.0.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 172.31.45.2 255.255.255.252
negotiation auto
!
router bgp 4755
no synchronization
bgp log-neighbor-changes
network 14.0.0.0 mask 255.255.255.252
network 24.0.0.0 mask 255.255.255.252
neighbor 24.0.0.1 remote-as 100
neighbor 172.31.45.1 remote-as 4755
neighbor 172.31.45.1 next-hop-self
no auto-summary
!
end

R5:
***
!
interface GigabitEthernet1/0
ip address 56.0.0.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 172.31.45.1 255.255.255.252
negotiation auto
!
router bgp 4755
no synchronization
bgp log-neighbor-changes
network 56.0.0.0 mask 255.255.255.252
neighbor 56.0.0.2 remote-as 200
neighbor 172.31.45.2 remote-as 4755
neighbor 172.31.45.2 next-hop-self
no auto-summary
!
end

R6:
***
!
interface GigabitEthernet0/0
ip address 192.168.67.2 255.255.255.252
ip ospf 100 area 0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 56.0.0.2 255.255.255.252
negotiation auto
!
router ospf 100
log-adjacency-changes
redistribute bgp 200 subnets
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 56.0.0.0 mask 255.255.255.252
redistribute ospf 100
neighbor 56.0.0.1 remote-as 4755
no auto-summary
!
end

R7:
***
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip ospf network point-to-point
!
interface GigabitEthernet0/0
ip address 192.168.67.1 255.255.255.252
ip ospf 100 area 0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
no ip address
shutdown
negotiation auto
!
router ospf 100
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
!
end

Hello @Rinam Shah ,

>> I made the changes as you mentioned and I am able to ping R7 from R3 with primary link as R1-R4. But when I shut the R2's WAN interface Gi0/0, I am not able to reach R7.

we need to provide a return path from R7 to R3 for this case.

First of all,

on R4 you need static routes describing all the possible subnets connected to R3 with next-hop R1 on R1-R4 link

on R4:

ip route 10.0.13.0 255.255.255.252 14.0.0.1

ip route 10.0.23.0 255.255.255.252 14.0.0.1

and to redistrbute them in BGP

ip prefix-list SITE1 permit 10.0.13.0/30

ip prefix-list SITE1 permit 10.0.23.0/30

route-map SITE1 permit 10

match address prefix SITE1

router bgp 100

redistribute static route-map SITE1

at the same time R4  needs to avoid  to advertise these subnets to R2 when eBGP session between them is alive.

route-map To-R2 deny 10

match address prefix SITE1

route-map To-R2 permit 20

router bgp 100

neighbor 24.0.0.1 route-map To-R2 out

This should be enough to provide end to end connectivty when R2-R4 link is down

As you can see these are the drawbacks of using static routes you need to think of all possible cases including faults and you need to configure static routes on both sides of R1-R4 link.

Hope to help

Giuseppe