
One private network with multiple AS numbers

Miran Mukerji
Level 1

Hi there,

We currently have about 15 different offices in remote locations. We have made a deal with one ISP to provide us with an IP WAN network using BGP private AS numbers (65001 to 65015) so that we can advertise our private IP ranges (10.x.x.x/24, each site has several 24-bit IP subsets) through BGP as per the attached drawings. You can see from the network diagram that every location has a different AS number.

Now, we have recently installed optical fiber cables between all our offices and connected all the Cisco 3560 L3 switches into our new private network, and we want to run EIGRP as the primary routing protocol over our private network as indicated in the attached drawing (after modification). At the same time, we want to keep our IP WAN BGP connections as a backup route via the ISP. We are seeking advice on what would be the best way to redesign our network without changing the AS numbers. The situation now is that we have one private network, but this network contains many BGP AS numbers and we can't use iBGP among them.

Pls see attached diagram

Thanks and best regards

Baranan

12 Replies

John Blakley
VIP Alumni

Baranan,

On the bgp routers that you want to prefer the eigrp route for, you can use the backdoor statement on those routes. For example, let's say office 2 learns 192.168.1.0/24 from eigrp and bgp. BGP will be preferred because the AD is 20 vs EIGRP of 90. If you want to prefer this route in EIGRP first, on the office 2 router, you would set this route as "network 192.168.1.0 mask 255.255.255.0 backdoor". That would put the eigrp route in your routing table over the bgp learned route, but you would need to do that for every route as far as I know.

The other option would be to set your bgp routes to be a higher AD than eigrp with the distance command under bgp.

HTH,
John

*** Please rate all useful posts ***


Hi John,

Don't you think it would be quite complicated to configure the "network ... backdoor" commands for all non-local subnets on each router?

And to add/remove the commands with each subnet change?

The AD modification would be easier, I guess?

Best regards,

Milan

Milan,

It would, but I wanted to give the option. It would be even worse trying to maintain it because every new network now means they would have to get on every router and add that network to bgp. I agree, changing the AD would be easier.

HTH,
John

*** Please rate all useful posts ***


Hi John and Milan

Many thanks for your kind and prompt advice.

The advantage of the backdoor is that we don't need to change any AD. The problem is that we have too many 24-bit subnets (about 300) and it would be quite complicated to add them one by one.

Is there a way to use summarization with the backdoor statement?

I was thinking of not using any IGP protocols (EIGRP or OSPF) and instead using eBGP among the different sites over the fiber network, with a higher weighting factor over the link to the ISP. That means creating eBGP peer connections between the SVIs of the 3560 switches, as each site has a different AS number. But I'm not sure if this would be a good and clean design option. What do you think?

Regarding Milan's idea of changing the AD of BGP, I'm just a bit reluctant to change ADs as it doesn't look right to me.

Would highly appreciate your thoughts

Best regards

Baranan

Baranan,

That's what I do. I have only bgp everywhere and change my weights/local prefs depending on what I want to prefer. It's a lot easier doing that than messing with distance I believe.

HTH,
John

*** Please rate all useful posts ***


Hi,

I'd say: It depends.

But handling 300 prefixes with backdoor command is definitely a nightmare.

Depending on your fiber topology and the bandwidth on the lines to your provider.

If you are running 1 Gbps fiber lines and E1 to the provider, e.g., you'd want to prefer the fiber connection as long as any fiber path exists from one site to the other.

In that case changing the AD would be an easy and perfectly working solution.

Running BGP only and playing with the BGP attributes should also work.

But is not so easy and could result in an asymmetric routing in some topologies, I'm afraid.

Best regards,

Milan

"But is not so easy and could result in an asymmetric routing in some topologies, I'm afraid."

This is very true....

HTH,
John

*** Please rate all useful posts ***


Hello

Given the two choices and the number of network statements this relates to, I would opt for the AD change on the EIGRP process; it also gives you the easiest backout procedure.

router eigrp 100
 distance eigrp 90 19

sh ip protocols | in Distance|bgp|eigrp
Routing Protocol is "bgp 1"
    Gateway         Distance      Last Update
  Distance: external 20 internal 200 local 200
Routing Protocol is "eigrp 100"
  Redistributing: eigrp 100
    Gateway         Distance      Last Update
  Distance: internal 90 external 19

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Does it make sense to configure internal EIGRP prefixes to get a worse AD than eBGP ones in this case?

I don't think so!

router eigrp 100
 distance eigrp 9 19

would be more appropriate, I guess.

Best regards,

Milan

Hello

Yes, that's a typo I didn't notice even when I posted the config - apologies to all.

res

Paul


Hello,

I agree with Milan, changing the AD in this case would be perfect. Also, don't forget that when you're applying the backdoor command you're actually changing the AD of these prefixes to 200. Another way to achieve the same behavior would be to change the AD of eBGP to 200 or something worse than EIGRP:

distance 200 0.0.0.0 255.255.255.255 1
! You could specify the prefixes here
access-list 1 permit 0.0.0.0 255.255.255.255

Best Regards,

Jose.
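
The options compared in this thread, as an added example that is not part of any post: a small Python model of lowest-administrative-distance route selection, showing which source wins for a prefix learned over both the ISP (eBGP) and the fiber (internal EIGRP). The function names and the two site prefixes are constructed for illustration, and the EIGRP external default of 170 is the IOS default rather than a value from the thread.

```python
# Added illustration: lowest administrative distance (AD) wins per prefix.
# eBGP 20, iBGP 200 and EIGRP internal 90 appear in the thread; 170 is the
# IOS default for EIGRP external routes (assumption, not from the thread).
DEFAULT_AD = {"ebgp": 20, "ibgp": 200, "eigrp_internal": 90, "eigrp_external": 170}

# Options proposed in the thread, expressed as overrides of the defaults.
OPTIONS = {
    "default": {},
    "distance eigrp 90 19": {"eigrp_external": 19},
    "distance eigrp 9 19": {"eigrp_internal": 9, "eigrp_external": 19},
    "eBGP distance 200": {"ebgp": 200},
}


def best_source(prefix, sources, overrides=None, backdoor=()):
    """Return the route source installed for `prefix`, or None if none exists."""
    ad = {**DEFAULT_AD, **(overrides or {})}

    def distance(src):
        # 'network ... backdoor' raises only the listed prefix's eBGP route to 200.
        if src == "ebgp" and prefix in backdoor:
            return 200
        return ad[src]

    return min(sources, key=distance, default=None)


def evaluate(option, fiber_up=True):
    """Winning source per site prefix under one option, fiber path up or down."""
    # Constructed sample: two site subnets, each always learned via eBGP and,
    # while the fiber path exists, also as an internal EIGRP route.
    prefixes = ["10.1.1.0/24", "10.2.1.0/24"]
    sources = ["ebgp"] + (["eigrp_internal"] if fiber_up else [])
    return {p: best_source(p, sources, OPTIONS[option]) for p in prefixes}


if __name__ == "__main__":
    for name in OPTIONS:
        print(f"{name:22} up={evaluate(name)} down={evaluate(name, False)}")
    both = ["ebgp", "eigrp_internal"]
    covered = {"10.1.1.0/24"}  # backdoor configured for one prefix only
    for p in ("10.1.1.0/24", "10.2.1.0/24"):
        print("backdoor", p, "->", best_source(p, both, backdoor=covered))
```

The model makes two points from the thread visible: `distance eigrp 90 19` leaves internal EIGRP routes behind eBGP, and a backdoor statement only moves the prefixes it lists, while every option still falls back to eBGP when the fiber route disappears.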

Dear All,

Many thanks for your great contributions. As all options have been discussed, I now think changing the BGP AD would be the best option and I will go ahead with that.

Best regards

Baranan
