iBGP and eBGP

magedis0383
Level 1

Hello,

 

We have a public ASN and a public IP prefix (/22)

We have 1 ISP on one router, we are going to add a new router (R2) to add more security in another datacenter with another ISP

We will use iBGP between the 2 routers (we have a dark fiber between the 2 datacenters)

We use OSPF between the BGP routers (R1 and R2) and the 2 switches (SW1 and SW2), we configure OSPF in full mesh with R1 and R2. We use default-information originate to generate a default route in OSPF. We use OSPF cost to use R1 or R2

My question:

Do you need to use public IP between the 2 routers for iBGP? Or can we use private IP on the vlan interface and only use public IP on the loopback interface used for BGP?

Can we announce our /22 on the router to the 2 ISP? Or is it better to announce /24? (2 in one datacenter and 2 in the second datacenter).

Can we use the route-map to force to use ISP2 for the SRV1 ?

R1:

interface Loopback0
 ipv4 address 101.215.40.1 255.255.255.255

interface TenGigE0/0/2/0.3001
 ipv4 address 192.168.110.1 255.255.255.252
 encapsulation dot1q 3001

router bgp 103450
 bgp router-id 101.215.40.1
 bgp log neighbor changes detail
 bgp fast-external-fallover disable
 address-family ipv4 unicast

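 neighbor 101.215.40.2
  remote-as 103450
  ! source the session from Loopback0 so it matches the neighbor statement on R2
  update-source Loopback0
  ttl-security
  ebgp-multihop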
  address-family ipv4 unicast
   maximum-prefix 650000 80 warning-only
   route-policy announce-dinet out
   soft-reconfiguration inbound
   next-hop-self

router static
 address-family ipv4 unicast
  ! R2's loopback, reached via R2's address on the interconnect /30
  101.215.40.2 255.255.255.255 192.168.110.2

R2:

interface Loopback0
 ipv4 address 101.215.40.2 255.255.255.255

interface TenGigE0/0/2/0.3001
 ipv4 address 192.168.110.2 255.255.255.252
 encapsulation dot1q 3001

router bgp 103450
 bgp router-id 101.215.40.2
 bgp log neighbor changes detail
 bgp fast-external-fallover disable
 address-family ipv4 unicast

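 neighbor 101.215.40.1
  remote-as 103450
  ! source the session from Loopback0 so it matches the neighbor statement on R1
  update-source Loopback0
  ttl-security
  ebgp-multihop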
  address-family ipv4 unicast
   maximum-prefix 650000 80 warning-only
   route-policy announce-dinet out
   soft-reconfiguration inbound
   next-hop-self

router static
 address-family ipv4 unicast
  ! R1's loopback, reached via R1's address on the interconnect /30
  101.215.40.1 255.255.255.255 192.168.110.1

 

Thks !


Reza Sharifi
Hall of Fame

Hi,

Do you need to use public IP between the 2 routers for iBGP? Or can we use private IP on the vlan interface and only use public IP on the loopback interface used for BGP?

You can use private IP for the IBGP connection as well as your loopback addresses.

Can we announce our /22 on the router to the 2 ISP?

Yes, as long as you own the IP segment, you can announce it to as many providers as you want.

Or is it better to announce /24? (2 in one datacenter and 2 in the second datacenter).

It depends on your need.  I usually break a /23 down to 2 /24 or a /22 to 4 /24 or 2 /23 when announcing it.

In the end the results are the same, but if you break it down, it gives you more flexibility. For example: you can use one public segment for your internal network and one in DMZ, but if you announce it as a /22, it is not as easy to break down later.

HTH

 

 

Thks for your answer.

Is it RFC compliant to use private IP for iBGP even if we use BGP with public IP?

Thks.

Hi,

Yes, IBGP is internal to your network.  So you can use private or public IP.

HTH

I absolutely agree with my colleague Reza about using private IP for the IBGP. There is no problem at all in doing this and it is frequently done this way.

 

On the question of "Can we announce our /22 on the router to the 2 ISP ?" I agree with Reza's statement that it depends on your needs. I would suggest that there is some benefit in advertising a single block of /22 (especially good for consolidation of the Internet Routing Table and reducing fragmentation in the routing table). But there may be circumstances in your network where you would want to advertise a smaller block to one ISP.

 

Your last question "Can we use the route-map to force to use ISP2 for the SRV1 ?" is difficult to answer. Certainly you should be able to use a route map (used as part of Policy Based Routing) to direct traffic from SRV1 to exit using ISP2. But that does not help at all with how traffic from the Internet will come to SRV1.

 

HTH

 

Rick
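
The point above, that a route-map on the exit path does not decide how Internet traffic reaches SRV1, shown as an added example (not part of any reply in this thread): a small Python model of longest-prefix match when /24s are announced alongside the /22. The prefix 101.215.40.0/22, the SRV1 address, and which /24 is announced to which ISP are constructed assumptions.

```python
import ipaddress

# Constructed sample: a /22 chosen to contain the loopbacks shown in the question.
AGGREGATE = ipaddress.ip_network("101.215.40.0/22")
SRV1 = "101.215.42.10"  # assumed address for SRV1, inside the third /24


def announcements(deaggregate):
    """Return {isp: [prefixes]} for the two designs discussed in the thread."""
    table = {"ISP1": [AGGREGATE], "ISP2": [AGGREGATE]}
    if deaggregate:
        subnets = list(AGGREGATE.subnets(new_prefix=24))
        table["ISP1"] += subnets[:2]  # two /24s homed in datacenter 1
        table["ISP2"] += subnets[2:]  # two /24s homed in datacenter 2
    return table


def inbound_isps(dst, table, down=()):
    """ISPs a remote sender can pick to reach dst.

    Remote routers prefer the longest matching prefix, so only the ISPs
    carrying that most specific prefix are candidates. With one prefix
    length everywhere, the choice is left to the remote network.
    """
    dst = ipaddress.ip_address(dst)
    matches = [
        (prefix.prefixlen, isp)
        for isp, prefixes in table.items()
        if isp not in down  # a failed ISP withdraws all of its routes
        for prefix in prefixes
        if dst in prefix
    ]
    if not matches:
        return set()
    longest = max(length for length, _ in matches)
    return {isp for length, isp in matches if length == longest}


if __name__ == "__main__":
    print("/22 only      :", sorted(inbound_isps(SRV1, announcements(False))))
    print("/22 plus /24s :", sorted(inbound_isps(SRV1, announcements(True))))
    print("ISP2 failed   :", sorted(inbound_isps(SRV1, announcements(True), down={"ISP2"})))
```

Keeping the /22 in both announcements is what lets inbound traffic fall back to the other ISP when the one carrying the /24 fails.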


Thks!

In using private IP, we will see this private IP with a traceroute, no?

Not sure if I understand the question.  Can you explain?

for example :

 

srv1 -> SW1-OSPF->R1-iBGP->R2->ISP1

If I use private IP on the loopback and the interconnect with R1 and R2, if I do a traceroute to or from srv1, will I see private IP or only public IP? (srv1 has got a public IP)

 

Thks.

If server1 has a public IP on the outgoing interface to the providers, then the source will be the public IP address.

Please rate all helpful posts.

HTH
 
