Full mesh OSPF over GRE tunnels in combination with BGP

axeleratorcisco · ‎10-22-2013

I have R1 and R2 learning routes via e-BGP (R1 and R2 are not interconnected directly)

R3 and R4 are across R1 and R2, and R1/R2/R3/R4 are interconnected with GRE tunnels, and OSPF is running over them, in a full mesh.

R3 and R4 have static routes to a subnet, and i use a redistribute static subnets on R3 and R4 under OSPF processes, to make these routes known to R1 and R2.

R1 and R2 make their BGP routes known to R3 and R4 by using the redistribute bgp as subnets command under their OSPF configuration.

Finally R1 and R2 announce the networks from R3 and R4 into BGP with the network command. R1 and R2 see the static route from R3 and R4 as an OSPF E2 route, thus having a route will announce them into BGP.

What are the issues/dangers/complications with this type of setup?

R3 and R4 receive the BGP routes from R1 and R2 as OSPF E2 routes.

Is there chance of loops, routing issues in such a setup?

How to prevent this?

Vasilii Mikhailovskii · ‎10-22-2013

Hello.

It looks like to have two external (BGP) uplinks, but don't have iBGP between R1/R2.

Also your OSPF process has a single area and 2 ASBRs (for static route, let's say "prefix A") + 2 ASBR (for BGP redistribution).

You are not redistributing from OSPF into BGP, but redistributing from BGP into OSPF.

I see no reason for routing loop, but following case.

Th only issue I could imagine if (match-any ):

R1/R2 can reach each other via external link;
and R1/R2 do not filter "prefix A" on inbound updates;
and R1/R2 use different AS numbers (or ISPs are using as-override),

then in case internal link goes down (let's say on R2), then R2 will learn "prefix A" via BGP.

If internal link recovers, "prefix A" will not be installed into RIB from OSPF (due to higher AD comparing to eBGP).

So R2 have "prefix A" learnt from BGP, so it advertises "prefix A" into OSPF preocess... R1 could choose R2 if it has better OSPF metric.

Issue description adjusted.