Dear Jon/Amer

PE-CE would be BGP only caz i have the configurations from Telco with BGP. I mean to say internally i would be using the static routing only (for example-

my network at HQ is-192.168.0.0 255.255.128.0

at each site am using /24 network starting from 192.168.200.x/24, 192.168.201.x/24 ............................. 192.168.209.x/24

In this i am at the 2 point Amer have mentioned right? and in my main router at HQ - i should mention

ip route 192.168.0.0 255.255.128.0 and all branches (ie branch 1, should mentione 192.168.200.x/24 only right???

Or in HQ Router do i need to mention the static route for each branhces(as like normal static routing) and need to redistribute that to BGP (ie-

ip route 192.168.200.0 255.255.255.0

ip route 192.168.201.0 255.255.255.0

...

...

...

ip route 192.168.209.0 255.255.255.0

and in

!

router bgp 64370

redistribute static

neighbor ....

..

...

!

Or

at HQ like this

router bgp 64370

network 192.168.0.0 255.255.128.0

neighbor ....

and branhces

ip route 0.0.0.0 0.0.0.0

and

redistribute static or redistribute connected

At branches if i put a default route pointing to the bgp neighbor ( ip roue 0 0 there would be any issue? caz the branch user will be accessing the internet through HQ.

sorry if i am making you all confused since this  is the first time i am doing this

thanks for the understanding

regards

Sunny

hi all

follwoing is the IOS image running on my Cisco 2811 Router.

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3i)

c2800nm-advsecurityk9-mz.124-3i.bin

when i put the bgp command am getting teh following error-

router bgp 65089
Protocol not in this image

what could be the problem ? can anyone help in this please.

regards

Jacob

Hello Jacob,

this means that you need a different IOS image. A change of feature set implies to pay a fee, money for feature upgrade.

also the configurations you have proposed are not correct:

if you use BGP you learn prefixes from BGP neighbor and you need to advertise local routes to the BGP neighbor.

The notes from Jon and Amer about the need to have in IP routing table an entry corresponding to the network command is referred to local site specific routes that your router needs to advertise to the service provider PE router.

If the remote site is simple the local site specific routes can be simply connected interfaces on branch router.

If there is more then one L3 device in branch office you may have already static routes on your device pointing to internal site specific routes.

All you need when BGP will be supported is to use the network command under router bgp for local site specific routes on each site.

Alternatively, you can speak with service provider to use static routing as PE-CE routing protocol to avoid the additional fee for feature set upgrade on your routers.

In that case each remote router will have a default static route pointing to PE node and service provider needs to configure at each site specific static routes for your site IP prefixes.

that is similar to the static routes you have proposed.

Hope to help

Giuseppe

HI Guisee / Jon/ Amer,

Thanks for the details. I have upgraded the IOS with advipservices and the bgp protocol is resolved now.

The remote site is small there are very few PC's on the LAN and connect to the Router as the Gateway, there is not other L3 device in the LAN. But in HQ i have different devices as like you mentioned, i have a static route for my local network (192.168.0.0 255.255.128.0) pointing to my inside network on the Router. I am just pasting the config could you please verify the same -

Branche 1-

!

interface FastEthernet0/0

description *** Telco MPLS VPN Link ***

ip address 172.31.x.x 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.x.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

router bgp 64xxx

no synchronization

bgp log-neighbor-changes

redistribute connected

neighbor 172.31.xx.xx remote-as 65xxx

no auto-summary

---------------------------------------------------------------------------

HQ

interface FastEthernet0/0

ip address 192.168.x.x 255.255.255.248

no ip redirects

duplex auto

speed auto

standby ip 192.168.x.x

standby priority 110

standby preempt

standby track FastEthernet0/1

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.3166

encapsulation dot1Q 3166

ip address 172.31.xx.xxx 255.255.255.252

!

router eigrp 100

network 192.168.0.0 0.0.127.255

no auto-summary

!

router bgp 650xx

no synchronization

bgp log-neighbor-changes

network 192.168.0.0 mask 255.255.128.0

neighbor 172.31.xx.xxx remote-as 65000

no auto-summary

!

ip route 192.168.0.0 255.255.128.0 192.168.96.1

---------------------------------------------------------

NOT USED REDISTRIBUTE STATIC OR REDISTRIBUTE CONNECTED HERE

--------------------

Appreciate your valuable response

thanks and regards

Sunny

NO STATIC ROUTE ENTRY IS IN THE BRANCHES, DO I NEED TO ADD ?

---------------------------------------------

jacob.samuel wrote:
HI Guisee / Jon/ Amer,
Thanks for the details. I have upgraded the IOS with advipservices and the bgp protocol is resolved now.
The remote site is small there are very few PC's on the LAN and connect to the Router as the Gateway, there is not other L3 device in the LAN. But in HQ i have different devices as like you mentioned, i have a static route for my local network (192.168.0.0 255.255.128.0) pointing to my inside network on the Router. I am just pasting the config could you please verify the same -
Branche 1-
!
interface FastEthernet0/0
description *** Telco MPLS VPN Link ***
ip address 172.31.x.x 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.x.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
router bgp 64xxx
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 172.31.xx.xx remote-as 65xxx
no auto-summary
---------------------------------------------------------------------------
HQ
interface FastEthernet0/0
ip address 192.168.x.x 255.255.255.248
no ip redirects
duplex auto
speed auto
standby ip 192.168.x.x
standby priority 110
standby preempt
standby track FastEthernet0/1
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.3166
encapsulation dot1Q 3166
ip address 172.31.xx.xxx 255.255.255.252
!
router eigrp 100
network 192.168.0.0 0.0.127.255
no auto-summary
!
router bgp 650xx
no synchronization
bgp log-neighbor-changes
network 192.168.0.0 mask 255.255.128.0
neighbor 172.31.xx.xxx remote-as 65000
no auto-summary
!
ip route 192.168.0.0 255.255.128.0 192.168.96.1
---------------------------------------------------------
NOT USED REDISTRIBUTE STATIC OR REDISTRIBUTE CONNECTED HERE
--------------------
Appreciate your valuable response
thanks and regards
Sunny
NO STATIC ROUTE ENTRY IS IN THE BRANCHES, DO I NEED TO ADD ?
---------------------------------------------

Sunny

At the branch sites you will need to advertise the branch network into BGP otherwise HQ will not know about it. So from your above example -

Branch 1

router bgp 64xxx

network 192.168.x.0 mask 255.255.255.0

At the HQ site you will need to redistribute the BGP learned routes into EIGRP -

HQ site

router eigrp 100

redistribute BGP 650xx metric 10000 100 255 1 1500

Jon

Hello Jon, Sunny

on branch Sunny  is using redistribute connected under router bgp and this is fine (no other L3 device is present on branch)

On HQ router Sunny has added a static route for the whole network:

ip route 192.168.0.0 255.255.128.0 net-hop-ip-address

then Sunny has made a network command with mask 255.255.128.0.

to build an always on aggregate the static route should point to null0

ip route 192.168.0.0 255.255.128.0 null0

This is a way to build an aggregate address hiding component routes.

redistributing EIGRP into BGP can be useful if the detail of component routes is desired and if he wants to advertise the real state of each EIGRP route in HQ site.

I recommend static route to null0 to create a stable aggregate route for all HQ site or as Jon has suggested redistribution of EIGRP into BGP at HQ router.

Hope to help

Giuseppe

Giuseppe

On branch Sunny  is using redistribute connected under router bgp and this is fine (no other L3 device is present on branch)

Good spot, i missed that one !

Jon

Hi Jon/Giusee/Amer

Thanks a lot for the update.

Jon i was thinking to use a dynamic routing protocol at the HQ, thats why can see the eigrp entry. Later i decide not to go for the complication and went for the static routing and removed eigrp. If i just need to add redistribute the eigrp in to the BGP and if it will not make much complication then as Giusee also suggested i can think about putting eigrp back. Is there any thing which i need to take care additionally if i go for EIGRP at HQ? do i need to redistribute the bgp also in to eigp or not? expecting your kind suggestion.

Giusee, i didnt get the point of null 0 interface on this, could you please clarify me, for null interface i just need to create a interface null 0 command on config mode only right? a static route pointing to null interface means it will drop the traffic right, then why do i need a static route entry there? what is the problem if i remove the static route entry now?

thanks a lot and appreciate your valuable input on the same.

regards

Sunny

Hello Sunny,

null0 is a logical interface that exists on every cisco router you don't need to create it.

It is a sort of waste bin and it can be used for example to create an aggregate address to be advertised in BGP.

a packet matching a static route to null0 is silently discarded (waste bin).

It is a form/tool of routing loop avoidance when creating aggregate or summary routes.

For example EIGRP creates a route to null0 automatically when using ip summary-address eigrp command in interface mode.

Also OSPF has the concept of discard route.

The idea is : a summary route that is always on is created to be advertised in BGP. if from branch arrives a packet that is for an unknown subnet in EIGRP domain HQ site the packet is silenty discarded without the risk of sending the packet back to a branch router.

This can be seen as a best practice.

About EIGRP and BGP at HQ site:

it may be wise to redistribute BGP into EIGRP, specially if another router is the exit point to internet and a default route cannot be injected into EIGRP domain by HQ WAN router.

be aware that for redistributing BGP into EIGRP you need a seed metric and for this default-metric command is needed

router eigrp 1

default-metric 10000 1000 255 1 1500

red bgp xx

no auto-summary

To avoid mutual bidirectional redistribution the static route to null0 can be handy: in this way there is no need to redistribute EIGRP into BGP.

Hope to help

Giuseppe

Sunny

I totally agree with Giuseppe on the use of EIGRP and redistribution at HQ  and in fact we used this setup in the last place i worked.

Basically you want to redistribute BGP into EIGRP so HQ knows about all the remote sites. You then use a "network ..." statement under BGP at HQ to advertise HQ subnet(s) to the remote sites. And you add a static route to null0 to match your summarised network statement.

Doing the above avoids mutual redistribution which would only complicate things and is not really needed in your setup.

Jon

Dear Giusee/Jon,

Thanks a lot for the detailed descriptions.

I have another point to mention, which i think i mentioned before. The branch users will be connecting to internet through the same link to HQ. At HQ i have 2 mb internet link. In this case i need to publish a specific route for the branches and a default route that is connecting to the internet router / firewall to forward the internet request from the users at Branches. If i go for EIGRP is there any problem i could find in porviding internet to the branch users?

thanks amd regards

Sunny

Hello Sunny,

in this case in BGP you need to advertise a default route 0.0.0.0 that represent internet for the branch sites.

For this on HQ WAN router

ip route 0.0.0.0 0.0.0.0 Fw-ipaddress (if they have an IP subnet in common)

router bgp xx

network 0.0.0.0

If you follow previous indications EIGRP will contain external routes representing branch offices so no problem about this.

If firewall does take part in EIGRP it requires static routes for the branch routes pointing to an EIGRP speaking  router.

NAT rules have to be updated to include branch routes.

Hope to help

Giuseppe