Solved: Re: Problems with move to bgp and mpls

terry.davis · ‎12-26-2009

Hello Everyone

I am in the process of moving my enterprise from a hub and spoke layout utilizing privdate T-1's and EIGRP to an MPLS setup using BGP.

I have a branch office that I am trying to move over this new setup and I cannot get it to communicate over the new circuit. I have shutdown EIGRP on this router and attempted to shutdown the interface for the private T-1 and all pc's stop communicating with resources at our data center and with internet. This is my first site to move over to MPLS

The results of a looking at BGP for the data center network is as follows

sh ip bgp 192.168.1.0

BGP routing table entry for 192.168.1.0/24, version 33
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
7018 7018
12.92.177.145 from 12.92.177.145 (12.122.124.19)
Origin IGP, localpref 100, valid, external, best
Community: 916130247

This is getting the route over the MPLS connection.

The local network 192.168.5.0/24 shows as follows

sh ip bgp 192.168.5.0
BGP routing table entry for 192.168.5.0/24, version 19
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
     1
Local
    0.0.0.0 from 0.0.0.0 (192.168.5.1)
      Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local,
best

The bgp portion of the running-config is as follows:

router bgp 64512
no synchronization
bgp router-id 192.168.5.1
bgp log-neighbor-changes
network 192.168.5.0
neighbor 12.92.177.145 remote-as 7018
no auto-summary

The bgp portion of my data center router is as follows

router bgp 64512
synchronization
bgp router-id 192.168.1.1
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.6.0
network 192.168.11.0
network 192.168.100.0
network 192.168.254.240 mask 255.255.255.240
neighbor 12.92.204.141 remote-as 7018
auto-summary
!
address-family nsap
no synchronization
exit-address-family

The sh ip bgp command on the data center router is as follows

sh ip bgp
BGP table version is 424, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 12.38.168.0/24   12.92.204.141                          0 7018 2386 i
*> 12.85.103.104/30 12.92.204.141                          0 7018 ?
*> 12.85.235.172/30 12.92.204.141            0             0 7018 ?
*> 12.92.166.24/30 12.92.204.141            0             0 7018 ?
*> 12.92.169.40/30 12.92.204.141                          0 7018 ?
*> 12.92.177.120/30 12.92.204.141                          0 7018 ?
*> 12.92.177.144/30 12.92.204.141                          0 7018 ?
*> 12.92.182.204/30 12.92.204.141            0             0 7018 ?
r> 12.92.204.140/30 12.92.204.141            0             0 7018 ?
*> 12.113.231.176/30
                    12.92.204.141            0             0 7018 ?
*> 12.117.8.184/30 12.92.204.141            0             0 7018 ?
*> 135.89.152.56/29 12.92.204.141                          0 7018 2386 i
*> 135.89.152.128/28
                    12.92.204.141                          0 7018 2386 i
*> 135.89.154.152/29
                    12.92.204.141                          0 7018 2386 i
*> 135.89.157.160/28
                    12.92.204.141                          0 7018 2386 i
*> 192.168.1.0      0.0.0.0                  0         32768 i
*> 192.168.3.0      192.168.254.18     2172416         32768 i
*> 192.168.5.0      12.92.204.141                          0 7018 7018 i
*> 192.168.6.0      0.0.0.0                  0         32768 i
*> 192.168.7.0      192.168.254.26     2686976         32768 i
*> 192.168.11.0     0.0.0.0                  0         32768 i
*> 192.168.12.0     192.168.254.14           2         32768 i
*> 192.168.100.0    0.0.0.0                  0         32768 i
*> 192.168.254.0    0.0.0.0                  0         32768 i
*> 192.168.254.240/28
                    0.0.0.0                  0         32768 i

If someone could enlighten me as to a correction for this issue it would be greatly appreciated

Thanks

tld

Edison Ortiz · ‎12-26-2009

On the remote router:

ip prefix-list BGP-TO-EIGRP permit 192.168.1.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.6.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.11.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.100.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.254.240/28

route-map BGP-TO-EIGRP

match ip address prefix-list BGP-TO-EIGRP

router eigrp xx

redistribute BGP xx route-map BGP-TO-EIGRP metric x x x x x

On the HQ router

ip prefix-list BGP-TO-EIGRP permit 192.168.5.0/24

route-map BGP-TO-EIGRP

match ip address prefix-list BGP-TO-EIGRP

router eigrp xx

redistribute BGP xx route-map BGP-TO-EIGRP metric x x x x x

Regards

Edison

View solution in original post

marikakis · ‎12-26-2009

Just because you move to MPLS and need BGP between sites, this doesn't mean you do not need an IGP anymore. BGP is used for routing between sites. You still need an IGP running within each site for end-to-end traffic delivery, so I wouldn't recommend shutting down your IGP completely. Also, just in case, have auto-summary disabled under the BGP of the datacenter site router.

terry.davis · ‎12-26-2009

Edison,

Here is my sh ip bgp from the remote router

sh ip bgp
BGP table version is 43, local router ID is 192.168.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 12.38.168.0/24   12.92.177.145                          0 7018 2386 i
*> 12.85.103.104/30 12.92.177.145            0             0 7018 ?
*> 12.85.235.172/30 12.92.177.145                          0 7018 ?
*> 12.92.166.24/30 12.92.177.145                          0 7018 ?
*> 12.92.166.24/30 12.92.177.145                          0 7018 ?
*> 12.92.177.120/30 12.92.177.145            0             0 7018 ?
r> 12.92.177.144/30 12.92.177.145            0             0 7018 ?
*> 12.92.182.204/30 12.92.177.145                          0 7018 ?
*> 12.92.204.140/30 12.92.177.145                          0 7018 ?
*> 12.113.231.176/30
                    12.92.177.145                          0 7018 ?
*> 12.117.8.184/30 12.92.177.145                          0 7018 ?
*> 135.89.152.56/29 12.92.177.145                          0 7018 2386 i
*> 135.89.152.128/28
                    12.92.177.145                          0 7018 2386 i
*> 135.89.154.152/29
                    12.92.177.145                          0 7018 2386 i
*> 135.89.157.160/28
                    12.92.177.145                          0 7018 2386 i
*> 192.168.1.0      12.92.177.145                          0 7018 7018 i
*> 192.168.5.0      0.0.0.0                  0         32768 i
*> 192.168.6.0      12.92.177.145                          0 7018 7018 i
*> 192.168.11.0     12.92.177.145                          0 7018 7018 i
*> 192.168.100.0    12.92.177.145                          0 7018 7018 i
*> 192.168.254.240/28
                    12.92.177.145                          0 7018 7018 i

Thank you very much for the reply. I am looking into how to setup the redistribution into EIGRP now.

tld

Marwan ALshawi · ‎12-26-2009

quick question

where this network located ( 192.168.5.0) ?

also can you make sure synchronization is disabled on all your routers

by doing under bgp

no synic

i think this network 192.168.6.0 in your HQ can you try traceroute to it from your reote site and see where your tracing stop

terry.davis · ‎12-26-2009

marwanshawi,

The 192.168.5.0 network is at my remote site.

I did have synchronization enabled on my data center router but have disabled it.

here is the output of traceroute from the remote site router to 192.168.6.9

traceroute 192.168.6.9

Type escape sequence to abort.
Tracing the route to 192.168.6.9

1 12.92.177.145 12 msec 12 msec 12 msec
2 cr2.attga.ip.att.net (12.122.96.210) [MPLS: Labels 17193/16340 Exp 3] 24 mse
c 24 msec 20 msec
3 cr82.attga.ip.att.net (12.123.22.254) [MPLS: Labels 17192/16340 Exp 3] 24 ms
ec 20 msec 20 msec
4 12.92.204.141 [AS 7018] [MPLS: Label 16340 Exp 3] 20 msec 20 msec 20 msec
5 12.92.204.142 [AS 7018] 20 msec 20 msec 20 msec
6 192.168.6.9 [AS 7018] 20 msec 20 msec 20 msec

thanks

tld

Edison Ortiz · ‎12-26-2009

On the remote router:

ip prefix-list BGP-TO-EIGRP permit 192.168.1.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.6.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.11.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.100.0/24

ip prefix-list BGP-TO-EIGRP permit 192.168.254.240/28

route-map BGP-TO-EIGRP

match ip address prefix-list BGP-TO-EIGRP

router eigrp xx

redistribute BGP xx route-map BGP-TO-EIGRP metric x x x x x

On the HQ router

ip prefix-list BGP-TO-EIGRP permit 192.168.5.0/24

route-map BGP-TO-EIGRP

match ip address prefix-list BGP-TO-EIGRP

router eigrp xx

redistribute BGP xx route-map BGP-TO-EIGRP metric x x x x x

Regards

Edison

terry.davis · ‎12-26-2009

Edison,

I have implemented the commands that you have given me and I can access the local server resources at my data center now but I cannot access the internet from the pc's at the remote site. My internet connection is at my data center and comes off of my data center router where I entered in the commands that you provided.

I really appreciate the help you have given me concerning this.

thanks

tld

Edison Ortiz · ‎12-26-2009

For internet connection, you need to inject a default route into BGP from the HQ router.

If you have a 0.0.0.0 in the HQ router routing table, simply go into the BGP process and type network 0.0.0.0

Verify this default is making it all the way to the remote router with the show ip bgp command.

At the remote router, you need to draw traffic from the LAN to itself by originating a default route from EIGRP.

Just add 0.0.0.0 to the prefix-list I gave you before, for instance:

ip prefix-list BGP-TO-EIGRP permit 0.0.0.0/0

And the default will also be redistributed from BGP into EIGRP.

Regards

Edison

terry.davis · ‎12-26-2009

Edison,

Thank you very much. this has corrected the issue I was having and I now know what I must do for my other sites.

tld

terry.davis · ‎12-26-2009

marikakis,

When I setup EIGRP on the remote router again would I setup it only for the remote network instead of all 192.168.0.0 0.0.255.255 networks like it was setup before?

Thanks

tld

marikakis · ‎12-26-2009

I don't see any problem with your BGP so far. My first post was a bit short because I wanted to stress the requirement for an IGP within each site. Edison went further and suggested redistribution from BGP to IGP. You can have the following things in mind:

1. You need an IGP within each site (intra-site routing) as usual.

2. You do not run an IGP between sites, but use BGP for that purpose (inter-site routing). In practice this means you do not activate the IGP on the interface facing the provider's BGP peer.

3. Because of 1,2 you need 'communication' of routes between BGP and IGP (so that routers internal to a site can learn about remote destinations).

The 'communication' from IGP to BGP is implicitly handled on your side by using network command under BGP process. The 'communication' from BGP to IGP can be done with redistribution from BGP to IGP as Edison suggested (preferrably using a route-map for better control of redistribution). If your topology within each site is very simple, you can get away with some default route pointing to each site's edge router (who has better knowledge of networks), instead of using redistribution. Default route might be easier to grasp as a concept, but needs one to be careful to avoid weird situations (such as loops).

Kind Regards,

Maria

p.s. This thread moved fast while I was writing this. Anyway, I hope this helps.

Edison Ortiz · ‎12-26-2009

Your HQ router is getting the remote's route

*> 192.168.5.0 12.92.204.141 0 7018 7018 i

Can we also see the BGP table from the remote router? It should display all routes advertised by the router at the HQ.

You also indicated you are running EIGRP and as the IGP in your LAN. Are you redistributing from BGP into EIGRP at the HQ router so L3 devices running EIGRP have network reachability information towards 192.168.5.0/24?

If you have L3 devices at the remote location running only EIGRP, you must also do the same at the Edge router running BGP - that is redistributing BGP into EIGRP.

Regards,

Edison.