12-17-2014 02:44 PM - edited 03-05-2019 12:24 AM
Hello,
We have a public ASN and a public IP prefix (/22).
We have 1 ISP on one router; we are going to add a new router (R2) to add more security in another datacenter with another ISP.
We will use iBGP between the 2 routers (we have a dark fiber between the 2 datacenters).
We use OSPF between the BGP routers (R1 and R2) and the 2 switches (SW1 and SW2); we configure OSPF in full mesh with R1 and R2. We use default-information originate to generate a default route in OSPF. We use OSPF cost to use R1 or R2.
My questions:
Do you need to use public IPs between the 2 routers for iBGP? Or can we use private IPs on the VLAN interface and only use public IPs on the loopback interface used for BGP?
Can we announce our /22 on the router to the 2 ISPs? Or is it better to announce /24s? (2 in one datacenter and 2 in the second datacenter.)
Can we use the route-map to force the use of ISP2 for SRV1?
R1:
interface Loopback0
 ipv4 address 101.215.40.1 255.255.255.255
interface TenGigE0/0/2/0.3001
 ipv4 address 192.168.110.1 255.255.255.252
 encapsulation dot1q 3001
router bgp 103450
 bgp router-id 101.215.40.1
 bgp log neighbor changes detail
 bgp fast-external-fallover disable
 address-family ipv4 unicast
 neighbor 101.215.40.2
  remote-as 103450
  ! source the session from the loopback that R2 peers with
  update-source Loopback0
  ttl-security
  ebgp-multihop
  address-family ipv4 unicast
   maximum-prefix 650000 80 warning-only
   route-policy announce-dinet out
   soft-reconfiguration inbound
   next-hop-self
router static
 address-family ipv4 unicast
  ! next hop is R2's side of the /30 (was R1's own address)
  101.215.40.2 255.255.255.255 192.168.110.2
R2:
interface Loopback0
 ipv4 address 101.215.40.2 255.255.255.255
interface TenGigE0/0/2/0.3001
 ipv4 address 192.168.110.2 255.255.255.252
 encapsulation dot1q 3001
router bgp 103450
 bgp router-id 101.215.40.2
 bgp log neighbor changes detail
 bgp fast-external-fallover disable
 address-family ipv4 unicast
 neighbor 101.215.40.1
  remote-as 103450
  ! source the session from the loopback that R1 peers with
  update-source Loopback0
  ttl-security
  ebgp-multihop
  address-family ipv4 unicast
   maximum-prefix 650000 80 warning-only
   route-policy announce-dinet out
   soft-reconfiguration inbound
   next-hop-self
router static
 address-family ipv4 unicast
  ! next hop is R1's side of the /30 (was R2's own address)
  101.215.40.1 255.255.255.255 192.168.110.1
Thanks!
12-17-2014 06:54 PM
Hi,
Do you need to use public IPs between the 2 routers for iBGP? Or can we use private IPs on the VLAN interface and only use public IPs on the loopback interface used for BGP?
You can use private IPs for the IBGP connection as well as your loopback addresses.
Can we announce our /22 on the router to the 2 ISPs?
Yes, as long as you own the IP segment, you can announce it to as many providers as you want.
Or is it better to announce /24s? (2 in one datacenter and 2 in the second datacenter.)
It depends on your need. I usually break a /23 down into 2 /24s, or a /22 into 4 /24s or 2 /23s, when announcing it.
In the end the results are the same, but if you break it down, it gives you more flexibility. For example, you can use one public segment for your internal network and one in the DMZ, but if you announce it as a /22 it is not as easy to break down later.
HTH
12-18-2014 12:56 AM
Thanks for your answer.
Is it RFC compliant to use private IPs for iBGP even if we use BGP with public IPs?
Thanks.
12-18-2014 05:21 AM
Hi,
Yes, IBGP is internal to your network. So you can use private or public IP.
HTH
12-18-2014 12:19 PM
I absolutely agree with my colleague Reza about using private IP for the IBGP. There is no problem at all in doing this and it is frequently done this way.
On the question of "Can we announce our /22 on the router to the 2 ISP ?" I agree with Reza's statement that it depends on your needs. I would suggest that there is some benefit in advertising a single block of /22 (especially good for consolidation of the Internet Routing Table and reducing fragmentation in the routing table). But there may be circumstances in your network where you would want to advertise a smaller block to one ISP.
Your last question "Can we use the route-map to force to use ISP2 for the SRV1 ?" is difficult to answer. Certainly you should be able to use a route map (used as part of Policy Based Routing) to direct traffic from SRV1 to exit using ISP2. But that does not help at all with how traffic from the Internet will come to SRV1.
HTH
Rick
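The trade-off raised in the two replies above (one covering /22 versus more-specific /24s per datacenter), as an added example that is not part of the original thread. It models only longest-prefix match; the /22 is a constructed prefix covering the loopbacks in the question, and the ISP1/ISP2 labels and function names are hypothetical.

```python
import ipaddress

# Constructed /22 covering the loopbacks shown in the question; the thread
# never states the real prefix.
AGGREGATE = ipaddress.ip_network("101.215.40.0/22")


def build_announcements(aggregate, split_len=24):
    """Covering aggregate to both ISPs, plus half of the more-specifics to each."""
    subnets = list(aggregate.subnets(new_prefix=split_len))
    half = len(subnets) // 2
    return {
        "ISP1": {aggregate, *subnets[:half]},
        "ISP2": {aggregate, *subnets[half:]},
    }


def inbound_isps(announcements, dst, down=()):
    """Return (ISPs that attract traffic for dst, matched prefix length).

    Simplified model: only longest-prefix match is applied; AS-path length,
    local preference and other BGP tie-breakers are ignored.
    """
    dst = ipaddress.ip_address(dst)
    best_len, winners = -1, set()
    for isp, prefixes in announcements.items():
        if isp in down:  # session lost: its announcements are withdrawn
            continue
        for prefix in prefixes:
            if dst not in prefix:
                continue
            if prefix.prefixlen > best_len:
                best_len, winners = prefix.prefixlen, {isp}
            elif prefix.prefixlen == best_len:
                winners.add(isp)
    return sorted(winners), best_len


if __name__ == "__main__":
    split = build_announcements(AGGREGATE)
    aggregate_only = {"ISP1": {AGGREGATE}, "ISP2": {AGGREGATE}}
    for label, ann in (("/22 only", aggregate_only), ("/22 + /24s", split)):
        for dst in ("101.215.40.10", "101.215.42.10"):
            print(label, dst, inbound_isps(ann, dst))
    # ISP2 fails: the covering /22 via ISP1 still carries the second site's /24s
    print("ISP2 down", inbound_isps(split, "101.215.42.10", down=("ISP2",)))
```

With only the /22 announced, both ISPs attract traffic for every address; adding the /24s pins each half to one ISP while the /22 remains as the fallback path.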
12-18-2014 12:38 PM
Thanks!
If we use private IPs, will we see these private IPs in a traceroute?
12-18-2014 01:06 PM
Not sure if I understand the question. Can you explain?
12-18-2014 02:07 PM
For example:
srv1 -> SW1-OSPF->R1-iBGP->R2->ISP1
If I use private IPs on the loopback and the interconnect with R1 and R2, and I do a traceroute to or from srv1, will I see private IPs or only public IPs? (srv1 has a public IP.)
Thanks.
12-18-2014 04:13 PM
If server1 has a public IP on the outgoing interface to the providers, then the source will be a public IP address.
Please rate all helpful posts.
HTH