
Issue redistributing between EIGRP and BGP using (match internal)

Sami Abunasser
Level 1

Hi,

We currently have two routing protocols that we use in our DCs. Internally we use EIGRP, and externally we use BGP. Each of the DCs has an internet link and an MPLS link.

To redistribute between the EIGRP instance and the BGP instance in the DC, we use a route map that matches internal routes.

I have an ASA firewall that is connected to the core switch. This firewall is the Internet firewall, and is part of the EIGRP AS. There are site-to-site tunnels, the default route, and client VPN subnets that the firewall advertises to EIGRP.

Those routes are not getting redistributed into BGP, which is a huge issue. The routes coming from the firewall are all showing as external, so BGP is not advertising them.

Here's the configuration of the edge MPLS router (the one that needs to redistribute between the two):

router eigrp 50

network x.x.x.x 0.0.63.255

redistribute bgp 50 route-map BGP-TO-EIGRP

!

router bgp 50

bgp log-neighbor-changes

network y.y.y.y mask 255.255.255.255

aggregate-address y.y.y.y 255.255.192.0 summary-only

timers bgp 30 90 90

redistribute eigrp 50 route-map EIGRP-TO-BGP

neighbor z.z.z.z remote-as 50

<output omitted>

!

route-map EIGRP-TO-BGP permit 10

match route-type internal

!

route-map BGP-TO-EIGRP permit 10

set metric 10000 100 255 1 1500

!

Here's a sample route from one of the networks that the firewall is advertising:

xxx-3925-01#sh ip route 150.175.49.3

Routing entry for 150.175.49.3/32

  Known via "eigrp 50", distance 170, metric 3328, type external

  Redistributing via eigrp 50, bgp 50

  Last update from 10.34.0.73 on GigabitEthernet0/0, 00:45:12 ago

  Routing Descriptor Blocks:

  * 10.34.0.73, from 10.34.0.73, 00:45:12 ago, via GigabitEthernet0/0

      Route metric is 3328, traffic share count is 1

      Total delay is 30 microseconds, minimum bandwidth is 1000000 Kbit

      Reliability 255/255, minimum MTU 1500 bytes

      Loading 1/255, Hops 2

xxx-3925-01#sh ip bgp neighbors x.x.x.x advertised-routes               <--- ISP MPLS Peer

BGP table version is 121306, local router ID is x.x.0.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale, m multipath, b backup-path, x best-external

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> x.x.0.0/18     0.0.0.0                            32768 i

Total number of prefixes 1

Looking at that output from the show route, it seems it's being redistributed, but I'm not seeing it anywhere else and it doesn't show as being advertised out.

Any ideas?

Thanks,

Sami


John Blakley
VIP Alumni

Sami,

You should be able to do one of two things, but they both depend on your situation. Your route map is only matching internal routes, so you could add match external as well "match route-type internal external". I'm curious as to how the router is getting an external route from EIGRP though from the ASA. Are you running different process numbers between the 2 devices? There has to be a redistribution somewhere before (maybe static routes on the ASA being redistributed into the eigrp process?) it hits the bgp router for there to be an external route. Either way, you can change the "match route-type internal" to what I stated above or you can remove the internal from the route-map (depends on what you're wanting to do).

HTH,

John

** Please rate useful posts **


John,

I'm not sure exactly what the whole reasoning was behind the network team deciding to use (match route-type internal), but the intention was to reduce the routes it accepts or something like that (change for the sake of change).

The ASA is on the same AS# as the core switch and router, but it does do the (redistribute static) and those routes are all static. Is the problem here due to the fact that when you do redistribute static it tags them as external? And if so, is there a way around that? I doubt the ASA can really manipulate routing that much, as it just does basic stuff.

Thanks,

Sami

Yes, the redistribution causes the route to be external. Matching on internal routes won't work in this case and you'll either need to have them also match on external routes, or they should be able to tie it down to just that routing protocol (if you have more than bgp/eigrp on this router).

route-map EIGRP permit 10

match route-type internal

route-map EIGRP permit 20

match route-type external

match source-protocol eigrp

You can't do much with the ASA in regards to tagging routes (at least in the older versions). Otherwise, I would say tag your statics during redistribution and then match on the tag.

HTH,

John


John,

I had set this up on our Hong Kong DC last year, and I added the permit 20 to match a prefix-list which contained all the routes from the firewall. I'll just do that.

Like I said, I'm not sure what the idea behind this (redistribute internal) is, as the LAN/WAN decided to do that and I'm part of the security team.

Thank you for explaining why the routes were external (the redistribute static), that was really what I wanted.

Thanks,

Sami
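
An added sketch, not written by any poster in this thread, that models how the three EIGRP-TO-BGP variants discussed above treat the firewall's external routes: the original internal-only map, "match route-type internal external", and a permit 20 that matches a prefix-list. The evaluator is a simplified model of IOS route-map logic, and every route except 150.175.49.3/32 is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    route_type: str  # "internal" or "external", as shown by "sh ip route"

def match_route_type(*types):
    # Several values on one match line are ORed together.
    return lambda r: r.route_type in types

def match_prefix_list(*entries):
    # Models prefix-list entries without ge/le: exact prefix and length only.
    nets = {ipaddress.ip_network(e) for e in entries}
    return lambda r: ipaddress.ip_network(r.prefix) in nets

def evaluate(route_map, route):
    # Sequences are tried in order; match clauses inside one sequence are ANDed.
    for action, clauses in route_map:
        if all(clause(route) for clause in clauses):
            return action == "permit"
    return False  # implicit deny when no sequence matches

def redistributed(route_map, routes):
    return [r.prefix for r in routes if evaluate(route_map, r)]

# Constructed EIGRP table: one internal LAN prefix, the firewall's static from
# the thread, and an unrelated external route that should stay out of BGP.
ROUTES = [
    Route("198.51.100.0/24", "internal"),
    Route("150.175.49.3/32", "external"),
    Route("203.0.113.0/24", "external"),
]

ORIGINAL = [("permit", [match_route_type("internal")])]
ALL_EXTERNAL = [("permit", [match_route_type("internal", "external")])]
PREFIX_LIST = [
    ("permit", [match_route_type("internal")]),
    ("permit", [match_prefix_list("150.175.49.3/32")]),
]

if __name__ == "__main__":
    for name, rmap in (("original", ORIGINAL), ("internal external", ALL_EXTERNAL),
                       ("prefix-list", PREFIX_LIST)):
        print(f"{name:18} -> {redistributed(rmap, ROUTES)}")
```

Only the prefix-list variant admits the firewall route while still keeping the unrelated external route out of BGP, which preserves the original intent of limiting what is redistributed.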

Thank you for the rating and good luck! We'd like to hear how it turns out.
