11-04-2014 01:07 PM - edited 03-05-2019 12:06 AM
Hello Everyone,
I have a "MAIN" that accesses the VPN network 172.16.2.0/24 (Loopback0 Simulate VPN UP). And "BACKUP" that also accesses the VPN network 172.16.2.0/24 (Loopback0 Simulate VPN UP)
My idea would be to let the network 172.16.2.0/24 be known by both the master and backup in the "client".
It is possible in the routing table of the "CLIENT" see E1 - 172.16.2.0/24 and E2 - 172.16.2.0/24?
Setting this up in BGP?
PS.: OSPF between MAIN and BACKUP will configure after
Tks my friends
Daniel
11-04-2014 03:00 PM
Hello
Just to confirm you wish to use the ospf path ( internal igp) as preferred path and BGP ( external path) as backup?
res
Paul
11-04-2014 03:02 PM
Yes, Paul!
11-04-2014 03:02 PM
From the looks of your diagram, I'm not sure what you would be afforded by doing it this way if you only have the single link to the BGP. I may be misunderstanding something though.
E1 routes are always preferred over E2 routes. The E1 route will be in the routing table, and will be the route that will be redistributing when redistribution is configured. Is there a reason that you want both routes in at the same time?
11-04-2014 03:26 PM
My customer and the operator in Brazil (like at&t) want to configure the link as well..
So I published here .. basically the 172.16.2.0/24 network must first exit at Main and Backup is backup
I did some configuration, but when i redistribute ospf into bgp, bgp doesnt seen when Main fail.. Continuous announce the 172.16.2.0/24 in Main.. Not converge to backup..
11-04-2014 04:53 PM
So where is the 172.16.2.0/24 network being advertised from? Is it originated at the client side or on the main/backup side? Do you have the gns .net file for this?
11-04-2014 05:11 PM
11-04-2014 06:20 PM
Okay. I'm not sure how deep you want to go with this solution, but here's what I did. AS30 is your primary router that would allow you to control where your failover path is. It has a bgp peering with both AS10 and AS20. AS10 and AS20 both have ospf neighborships with Main and Backup, and AS30 has an ospf neighborship with Client. The loopbacks (I'm assuming this is your test network that you want to failover for) are on main and backup. AS10 is learning about this network from Main and AS20 is learning about the network from Backup.
Since AS30 is the only router that your client goes through, the client will send its traffic to the AS30 router. The AS30 router needs to know both paths on how to get to 172.16.2.0. On AS30, I manipulated local pref:
access-list 1 permit 172.16.2.0 0.0.0.255
route-map OSPFRoute permit 10
match address 1
set local-pref 150
route-map OSPFRoute permit 20
Under "router bgp 30", I changed the peering with AS10 to prefer this route to go over that link:
router bgp 30
neighbor x.x.x.x route-map OSPFRoute in
That changed the local pref for the route and selects it as best on the AS30 router.
I then shut the 192.168.2.x interface on the Main router while doing a ping to 172.16.2.1 from the Client router. The pings start to fail. Due to the reconvergence differences, I had to wait for AS10 to notice that the Main router link was no longer available. Once that happens, the 172.16.2.0 route is no longer available in ospf and can't be redistributed into BGP. The route now was going over AS20 to the other router.
So here's why I said it depends on how complicated you intend to make this. The above was done in about 10 minutes, but there are so many paths this could go which means that you're going to have to manipulate all of the paths to prefer which direction you want to go. For example:
Client - AS30 - AS10 - Main
Client - AS30 - AS20 - AS10 - Main (in case link between AS10 and 30 goes down)
Client - AS30 - AS10 - AS20 - Backup - Main (in case link between 10 and main go down)
etc.
There are a lot of possibilities that you'll need to take into consideration...
HTH,
John
11-05-2014 02:14 AM
Thank you very much =)
The idea is the case "client" knows the network 172.16.2.0/24 first by main
When MAIN fails, backup is the way.
When MAIN return, "client" re-access the network 172.16.2.0/24 for MAIN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide