12-11-2013 08:18 AM - edited 03-04-2019 09:50 PM
Hi there,
We have currently about 15 different offices in remote locations. We have made a deal with one ISP to provide us with IP WAN network using BGP private AS numbers (65001 to 65015) so that we can advertise our private IP ranges (10.x.x.x/24, each site has several 24 bits IP subsets) through the BGP as per the attached drawings. You can see from the network diagram that every location has a different AS number.
Now, we have recently installed optical fiber cables between all our offices and connected all the Cisco 3560 L3 switches into our new private network and we want to run EIGRP as primary routing protocol over our private network as indicated in the attached drawing (after modification). At the same time, we want to keep our IP WAN BGP connections as backup route via the ISP. We are seeking advice on what will be the best way to redesign our network without changing the AS numbers. The situation now is we have one private network but this network contains many BGP AS numbers and can't use iBGP among them.
Pls see attached diagram
Thanks and best regards
Baranan
12-11-2013 08:47 AM
Baranan,
On the bgp routers that you want to prefer the eigrp route for, you can use the backdoor statement on those routes. For example, let's say office 2 learns 192.168.1.0/24 from eigrp and bgp. BGP will be preferred because the AD is 20 vs EIGRP of 90. If you want to prefer this route in EIGRP first, on the office 2 router, you would set this route as "network 192.168.1.0 mask 255.255.255.0 backdoor". That would put the eigrp route in your routing table over the bgp learned route, but you would need to do that for every route as far as I know.
The other option would be to set your bgp routes to be a higher AD than eigrp with the distance command under bgp.
HTH,
John
*** Please rate all useful posts ***
12-11-2013 01:40 PM
Hi John,
Don't you think it would be quite complicated to configure the "network ... backdoor" commands for all non-local subnets on each router?
And to add/remove the commands with each subnet change?
The AD modification would be easier, I guess?
Best regards,
Milan
12-11-2013 02:47 PM
Milan,
It would, but I wanted to give the option. It would be even worse trying to maintain it because every new network now means they would have to get on every router and add that network to bgp. I agree, changing the AD would be easier.
HTH,
John
12-12-2013 07:06 AM
Hi John and Milan
Many thanks for your kind and prompt advice.
The advantage of the backdoor is that we don't need to change any AD. The problem is that we have too many 24-bit subnets (about 300) and it would be quite complicated to add them one by one.
Is there a way to use summarization with the backdoor statement?
I was thinking not to use any IGP protocols (EIGRP or OSPF) and instead use eBGP among the different sites over the fiber network with higher weighting factor over the link to the ISP. That means creating eBGP peer connections between an SVI of the 3560 switches as each site has different AS number. But not sure if this would be a good and clean design option. What do you think?
Regarding Milan's idea of changing the AD of the BGP, I'm just a bit reluctant to change ADs as it doesn't look right to me.
Would highly appreciate your thoughts
Best regards
Baranan
12-12-2013 07:20 AM
Baranan,
That's what I do. I have only bgp everywhere and change my weights/local prefs depending on what I want to prefer. It's a lot easier doing that than messing with distance I believe.
HTH,
John
12-12-2013 08:21 AM
Hi,
I'd say: It depends.
But handling 300 prefixes with backdoor command is definitely a nightmare.
Depending on your fiber topology and the bandwidth on the lines to your provider.
If you are running 1 Gbps fiber lines and E1 to the provider, e.g., you'd want to prefer the fiber connection as long as any fiber path exists from one site to the other.
In that case changing the AD would be an easy and perfectly working solution.
Running BGP only and playing with the BGP attributes should also work.
But is not so easy and could result in an asymmetric routing in some topologies, I'm afraid.
Best regards,
Milan
12-12-2013 08:35 AM
"But is not so easy and could result in an asymmetric routing in some topologies, I'm afraid."
This is very true....
HTH,
John
12-12-2013 08:52 AM
Hello
Given the two choices and the number of network statements this relates to, I would opt for the AD change on the EIGRP process; it also gives you the easiest backout procedure.
router eigrp 100
distance eigrp 90 19
sh ip protocols | in Distance|bgp|eigrp
Routing Protocol is "bgp 1"
Gateway Distance Last Update
Distance: external 20 internal 200 local 200
Routing Protocol is "eigrp 100"
Redistributing: eigrp 100
Gateway Distance Last Update
Distance: internal 90 external 19
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
12-12-2013 09:05 AM
Hi Paul,
does it make a sense to configure internal EIGRP prefixes to get a worse AD than eBGP ones in this case?
I don't think so!
router eigrp 100
distance eigrp 9 19
would be more appropriate, I guess.
Best regards,
Milan
12-12-2013 09:59 AM
Hello
Yes, that's a typo I didn't notice even when I posted the config - apologies to all
res
Paul
12-12-2013 10:31 AM
Hello,
I agree with Milan, changing the AD in this case would be perfect. Also, don't forget that when you're applying the backdoor command you're actually changing the AD of these prefixes to 200. Another way to achieve the same behavior would be to change the AD of eBGP to 200 or something worse than EIGRP:
distance 200 0.0.0.0 255.255.255.255 1
! You could specify the prefixes here
access-list 1 permit 0.0.0.0 255.255.255.255
Best Regards,
Jose.
12-14-2013 07:10 AM
Dear All,
Many thanks for your great contributions. As all options have been discussed, now I think changing the BGP AD would be the best option and I will go ahead with that.
Best regards
Baranan
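The options compared in this thread, side by side, as an added example that is not part of any participant's post: a toy Python model of lowest-administrative-distance route selection. It assumes the IOS default distances (eBGP 20, EIGRP internal 90, EIGRP external 170) and the AD of 200 for backdoor prefixes mentioned above; the prefixes and function names are constructed for illustration.

```python
# Added illustration, not code from the thread: how a router chooses between
# an eBGP route (via the ISP) and an EIGRP route (via the fiber) for the same
# prefix. The source with the lowest administrative distance (AD) is installed.

DEFAULT_AD = {"ebgp": 20, "eigrp_int": 90, "eigrp_ext": 170}
BACKDOOR_AD = 200  # AD applied to an eBGP prefix marked "network ... backdoor"


def install(prefix, offers, ad, backdoor=frozenset()):
    """Return the source installed for prefix, or None if nothing offers it."""
    def distance(src):
        if src == "ebgp" and prefix in backdoor:
            return BACKDOOR_AD
        return ad[src]
    return min(offers, key=distance) if offers else None


def evaluate(ad_overrides=None, backdoor=frozenset()):
    """Run constructed sample prefixes through one design option."""
    ad = {**DEFAULT_AD, **(ad_overrides or {})}
    # Constructed sample: one prefix native to EIGRP, one redistributed into
    # EIGRP (external), one reachable only through the ISP (fiber path down).
    rib = {
        "10.1.1.0/24": {"ebgp", "eigrp_int"},
        "10.2.1.0/24": {"ebgp", "eigrp_ext"},
        "10.3.1.0/24": {"ebgp"},
    }
    return {p: install(p, offers, ad, backdoor) for p, offers in rib.items()}


OPTIONS = {
    "defaults": evaluate(),
    "backdoor on 10.1.1.0/24 only": evaluate(backdoor={"10.1.1.0/24"}),
    "distance eigrp 90 19": evaluate({"eigrp_int": 90, "eigrp_ext": 19}),
    "distance eigrp 9 19": evaluate({"eigrp_int": 9, "eigrp_ext": 19}),
    "eBGP distance 200": evaluate({"ebgp": 200}),
}

if __name__ == "__main__":
    for name, result in OPTIONS.items():
        print(f"{name:30} {result}")
```

In every option the ISP-only prefix still installs via eBGP, which is the backup behaviour the original design asks for.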