Project : BGP Multihoming and OSPF

Hello

We have a project to create a network in a data center to host a few servers and establish BGP connectivity with two different ISPs.

Please see the attached diagram.

 

The company has a public /24 network.

We have 3 routers: 2 core routers connected to the ISPs and 1 "server" router on the left.

The design is to use Core-1 as primary connection only (AS123)

 

And I have the following questions:

 

1) Can I use OSPF on the "inside" to allow failover in case the primary connection is down?

2) What IP range to use for OSPF and iBGP (public or private range)?

3) For security reasons, do I use public IPs on servers or use private IPs (NAT)?

 

DCdesign.PNG

 

Thank you

 

2 Replies

balaji.bandi
Hall of Fame

 

1) Can I use OSPF on "inside" to allow failover in case of primary connection down? 

 

BB - Yes, you can use it if you like; you can use BFD and IP SLA to track for failover. Make BGP use the preferred path AS 123, and if that fails, go to 456.

 

2) What IP range to use for OSPF and BGP (public or private range)?

 

BB - If you have public IPs you can use them (or any RFC 1918 IPs will also do the job).

 

3) For security reason - do I use public IPs on servers or use private IPs (NAT)

 

BB - For security reasons, I always suggest using a private IP range from RFC 1918 for servers, with NAT.

If this is a DC environment, make sure high availability or redundancy is taken care of.

 

 

Here is some reference.

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Giuseppe Larosa
Hall of Fame

Hello eugen.baum@rogers.com,

About question 1, I would like to add the following:

1) You can use OSPF and you can have the two internet routers generating an OSPF default route that can check the next-hop of the eBGP default route.

 

Router_Internet1:

ip prefix-list ONLY-DEF permit 0.0.0.0/0
!
access-list 11 remark AS 123 eBGP next-hop
access-list 11 permit host A.B.C.D
!
! Originate the default only while 0.0.0.0/0 is installed with the expected eBGP next-hop
route-map CHECK-EBGP permit 10
 match ip address prefix-list ONLY-DEF
 match ip next-hop 11
 set metric-type type-1
 set metric 50
!
router ospf 10
 default-information originate route-map CHECK-EBGP

 

Router_Internet2:

ip prefix-list ONLY-DEF permit 0.0.0.0/0
!
access-list 12 remark AS 123 eBGP next-hop
access-list 12 permit host E.F.G.H
!
! Same check as on Router_Internet1, with a higher metric so this default is the backup
route-map CHECK-EBGP permit 10
 match ip address prefix-list ONLY-DEF
 match ip next-hop 12
 set metric-type type-1
 set metric 500
!
router ospf 10
 default-information originate route-map CHECK-EBGP

 

By checking the next-hop, the first internet router will generate a default route in OSPF only as long as the BGP next-hop for the default route is equal to the expected eBGP next-hop.

 

For points 2 and 3, using private IP addresses as much as possible is to be preferred for security reasons.

Also consider the use of two internal routers for achieving a better fault tolerance as already suggested.

 

Hope to help

Giuseppe
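
The failover behaviour of the CHECK-EBGP route-map in the reply above, modelled as an added example that is not part of the original post: it shows which internet router the server router picks as exit, with and without the next-hop check. The addresses 192.0.2.1 and 198.51.100.1 are constructed placeholders for A.B.C.D and E.F.G.H; the OSPF cost of 10, the assumption that iBGP leaves the eBGP next-hop unchanged, and all Python names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class EdgeRouter:
    name: str
    expected_next_hop: str   # host permitted by the access-list (placeholder address)
    e1_metric: int           # "set metric" value in route-map CHECK-EBGP
    cost_to_asbr: int        # assumed OSPF cost from the server router to this router
    rib_default_next_hop: Optional[str]  # next-hop of 0.0.0.0/0 in the RIB, None if absent

    def originates_default(self, check_next_hop: bool = True) -> bool:
        if self.rib_default_next_hop is None:
            return False     # no default in the routing table: nothing to originate
        if not check_next_hop:
            return True      # variant without "match ip next-hop": any default qualifies
        return self.rib_default_next_hop == self.expected_next_hop

def best_exit(routers, check_next_hop=True):
    """Return (router name, total E1 cost) chosen by the server router, or None."""
    offers = [(r.e1_metric + r.cost_to_asbr, r.name)
              for r in routers if r.originates_default(check_next_hop)]
    if not offers:
        return None
    cost, name = min(offers)  # type-1 externals: seed metric plus internal cost
    return name, cost

def scenario(r1_next_hop, r2_next_hop, check_next_hop=True):
    """Build both internet routers from their RIB state and pick the exit."""
    r1 = EdgeRouter("Router_Internet1", "192.0.2.1", 50, 10, r1_next_hop)
    r2 = EdgeRouter("Router_Internet2", "198.51.100.1", 500, 10, r2_next_hop)
    return best_exit([r1, r2], check_next_hop)

if __name__ == "__main__":
    isp1, isp2 = "192.0.2.1", "198.51.100.1"   # constructed sample next-hops
    print("both sessions up      :", scenario(isp1, isp2))
    # ISP 1 session lost; Router_Internet1 now holds the default via iBGP (next-hop ISP 2)
    print("ISP 1 down, with check:", scenario(isp2, isp2))
    print("ISP 1 down, no check  :", scenario(isp2, isp2, check_next_hop=False))
    print("both sessions down    :", scenario(None, None))
```

Without the next-hop match, Router_Internet1 keeps advertising its metric-50 default after losing its own ISP session, so the server router never moves to Router_Internet2.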

 
