06-05-2014 04:43 PM - edited 03-04-2019 11:06 PM
Hi All
I'm trying to figure out if I can change the next-hop of a default route that I am injecting into BGP. I have basically configured a WAN network connecting 4 routers (as below) with eBGP and iBGP peers. The WAN links are reachable via EIGRP, and the BGP peering takes place between the L0s, which are also reachable via EIGRP. I want R2 to send the route to the downstream DEG router, but I want the next-hop not to be the source L0 but a firewall interface, so all traffic destined for the default route will be sent to the firewall. In the event the upstream router goes offline, another default route should be seen via iBGP; it too will need its next-hop attribute changed to another firewall IP address. See the diagram below and the config for the routers.
The servers downstream are vlans 10, 11, 20 (On left) and vlan 30 on right with network IPs 10.10.10.10, 11.11.11.10, 20.20.20.10 and 30.30.30.10 respectively. Their default gateway is currently the L3 SVI on the MSFC. I want the default route that comes from R2 on the right to DEG on the bottom right, to have the next hop of the local inside firewall 10.
Router 2 Config
R2#sho run
Building configuration...
Current configuration : 1535 bytes
!
! Last configuration change at 00:35:27 UTC Fri Jun 6 2014
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Loopback0
description BGP Neigh Adjacency
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface GigabitEthernet1/0
no ip address
shutdown
negotiation auto
!
interface FastEthernet2/0
description P2P Link P2P Link for BGP Remote_AS 65501
ip address 192.168.200.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 100
network 4.0.0.0
network 192.168.200.0
!
router bgp 605
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 605
neighbor 3.3.3.3 remote-as 65501
neighbor 3.3.3.3 ebgp-multihop 10
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 default-originate route-map DEG_Def_Route
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
route-map DEG_Def_Route permit 10
set ip next-hop 10.108.129.10
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
DEG N7k Router
DEG_Core-N7000-SW#sho run
Building configuration...
Current configuration : 3864 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DEG_Core-N7000-SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
description BGP Neigh Adjacency
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
description P2P Link for BGP Remote_AS 605
ip address 192.168.200.3 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description *** Unused for Layer2 SW ***
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
switchport access vlan 30
duplex full
speed 100
!
interface FastEthernet1/1
duplex full
speed 100
!
output omitted
!
interface FastEthernet1/11
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
description L3 Link for iBGP
no switchport
ip address 192.168.201.2 255.255.255.252
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
description Layer 2 Link to CW N7K
switchport mode trunk
duplex full
speed 100
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description Finance Dept Vlan
ip address 10.10.10.2 255.255.255.0
standby 10 ip 10.10.10.3
!
interface Vlan11
description Sales Dept Vlan
ip address 11.11.11.2 255.255.255.0
standby 11 ip 11.11.11.3
standby 11 priority 200
standby 11 preempt
!
interface Vlan30
description DEG Local
ip address 30.30.30.1 255.255.255.0
!
router eigrp 100
network 3.0.0.0
network 192.168.200.0
network 192.168.201.0
no auto-summary
!
router bgp 65501
no synchronization
bgp log-neighbor-changes
network 10.10.10.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
network 20.20.20.0 mask 255.255.255.0
network 30.30.30.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 65501
neighbor 1.1.1.1 update-source Loopback0
neighbor 4.4.4.4 remote-as 605
neighbor 4.4.4.4 ebgp-multihop 10
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any host 1.1.1.1
access-list 110 permit ip any host 2.2.2.2
!
route-map Secondary_to_R4 permit 10
match ip address 110
set ip next-hop 10.104.128.10
!
route-map Primary_to_R2 permit 10
match ip address 100
set ip next-hop 10.104.129.10
!
!
!
control-plane
!
banner exec ^C
***************************************************************
This is a normal Router with a SW module inside (NM-16ESW)
It has been preconfigured with hard-code speed and duplex
To create vlans use the command "vlan database" from exec mode
After creating all desired vlans use "exit" to apply the config
To view existing vlans use the command "show vlan-switch brief"
Warning: You are using an old IOS image for this router.
Please update the IOS to enable the "macro" command!
***************************************************************
^C
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
DEG_Core-N7000-SW#
R4 Router Config
R4#sho run
Building configuration...
Current configuration : 1465 bytes
!
! Last configuration change at 21:22:34 UTC Thu Jun 5 2014
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
interface Loopback0
description BGB Neigh Adjacency
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface GigabitEthernet1/0
no ip address
shutdown
negotiation auto
!
interface FastEthernet2/0
description P2P Link for BGB Rmote_AS 65501
ip address 192.168.200.2 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 100
network 2.0.0.0
network 192.168.200.0
!
router bgp 605
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65501
neighbor 1.1.1.1 ebgp-multihop 10
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 default-originate
neighbor 4.4.4.4 remote-as 605
default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
R4#
CW N7K Router Config
CW_Core-N7000-SW#sho run
Building configuration...
Current configuration : 3731 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname CW_Core-N7000-SW
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
description BGB Neigh Adjacency
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
description P2P Link for BGP Remote_AS 605
ip address 192.168.200.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description *** Unused for Layer2 SW ***
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0
switchport access vlan 10
duplex full
speed 100
!
interface FastEthernet1/1
description Link to Sales Server
switchport access vlan 11
duplex full
speed 100
!
interface FastEthernet1/2
switchport access vlan 20
duplex full
speed 100
!
!
interface FastEthernet1/13
description L3 Link for iBGP
no switchport
ip address 192.168.201.1 255.255.255.252
duplex full
speed 100
!
interface FastEthernet1/14
no switchport
no ip address
duplex full
speed 100
!
interface FastEthernet1/15
description Layer 2 Link to DEG N7K
switchport mode trunk
duplex full
speed 100
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description Finance Dept Vlan
ip address 10.10.10.1 255.255.255.0
standby 10 ip 10.10.10.3
standby 10 priority 200
standby 10 preempt
!
interface Vlan11
description Sales Dept Vlan
ip address 11.11.11.1 255.255.255.0
standby 11 ip 11.11.11.3
!
interface Vlan20
description CityWest Local
ip address 20.20.20.1 255.255.255.0
!
router eigrp 100
network 1.0.0.0
network 192.168.200.0
network 192.168.201.0
no auto-summary
!
router bgp 65501
no synchronization
bgp log-neighbor-changes
network 10.10.10.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
network 20.20.20.0 mask 255.255.255.0
network 30.30.30.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 605
neighbor 2.2.2.2 ebgp-multihop 10
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 65501
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
^C
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
CW_Core-N7000-SW#
Thanks in advance for any and all help guys.... I appreciate it.
Mooey
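A small audit script, added here as an example and not part of the post above, that reads a `show run` dump and reports which route-maps are defined but never attached to a BGP neighbor (the DEG config above defines Primary_to_R2 and Secondary_to_R4 without applying them) and which next-hops each route-map sets. The sample config is constructed from lines of the R2 and DEG dumps; the function names and the `!`-delimited block handling are assumptions for illustration.

```python
import re
from typing import Dict, List, Set

# Constructed sample built from lines of the R2 and DEG configs in the post.
SAMPLE_CONFIG = """\
router bgp 65501
 neighbor 4.4.4.4 remote-as 605
 neighbor 4.4.4.4 ebgp-multihop 10
 neighbor 4.4.4.4 default-originate route-map DEG_Def_Route
!
route-map DEG_Def_Route permit 10
 set ip next-hop 10.108.129.10
!
route-map Primary_to_R2 permit 10
 match ip address 100
 set ip next-hop 10.104.129.10
!
"""

def parse_route_maps(config: str) -> Dict[str, List[str]]:
    """Return {route-map name: [next-hops set in any of its clauses]}.
    A bare '!' line closes the current route-map block (IOS convention)."""
    maps: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        header = re.match(r"route-map (\S+) (?:permit|deny) \d+", line)
        if header:
            current = header.group(1)
            maps.setdefault(current, [])
            continue
        if line.startswith("!"):
            current = None
            continue
        if current is not None:
            nh = re.match(r"\s*set ip next-hop (\S+)", line)
            if nh:
                maps[current].append(nh.group(1))
    return maps

def referenced_route_maps(config: str) -> Set[str]:
    """Route-maps attached to a neighbor as in/out policy or default-originate."""
    refs: Set[str] = set()
    pattern = r"neighbor \S+ (?:route-map (\S+) (?:in|out)|default-originate route-map (\S+))"
    for line in config.splitlines():
        m = re.search(pattern, line)
        if m:
            refs.add(m.group(1) or m.group(2))
    return refs

def audit(config: str) -> Dict[str, object]:
    """Flag route-maps that are defined but unused, or referenced but undefined."""
    defined = parse_route_maps(config)
    refs = referenced_route_maps(config)
    return {"unused": sorted(set(defined) - refs),
            "missing": sorted(refs - set(defined)),
            "next_hops": defined}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```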