06-21-2019 09:50 PM - edited 06-21-2019 10:00 PM
I am testing scenario in the LAB , here is the my setup
A (pair) < eBGP > B(pair) <iBGP>C (pair) < OSPF stub area> D (pair)
Looking for best configuration for C switch pair where the IBGP to OSPF and OSPF to IBGP takes place and should avoid any kind of route looping and also, I am fine protocols mutual redistribution with tags.
I dont need prefix list for route control because i am advertising few 100`s from A pair and few 100`s of routes from OSPF (D pair) and planning to control routes with tags or community ?
I have collected sample configuration from internet but still looking for best
Appreciated quick response
Thanks
Kumar
Solved! Go to Solution.
06-23-2019 11:04 AM - edited 06-23-2019 11:14 AM
Hello Kumar,
mutual redistribution is not needed if you just need to generate a default route in RIP.
Actually, as a security measure we should add the following block to route-map RIP-into-BGP to avoid re-injection of default RIP route into BGP
ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
route-map RIP-into-BGP deny 5
match address prefix ONLY-DEFAULT
route-map RIP-into-BGP permit 10
set community 65000:1
Mutual redistribution is only needed if you cannot send a default route in the RIP domain, because the default route should come from other devices.
Looking at your network diagram I think that having routers C1 and C2 to send default route to D1,D2 routers is acceptable and even recommended as RIPv2 sends a new copy of each route every 30 seconds 25 routes /RIP update packet.
So avoiding to send hundred of routes coming from BGP saves resources on RIP routers and increases the network stability.
Edit:
in the proposed solution RR1 and RR2 send a default route in iBGP regardless of having or not a default route in their local routing table.
This is achieved by BGP commands
neighbor C1 default-originate
neighbor C2 default-originate
Then C1 and C2 generate a default route in RIP only if they receive the iBGP default route from one of RR1 or RR2 or both for the RIP command
default-information originate
Hope to help
Giuseppe
06-22-2019 12:20 AM
Hello,
it is unclear from your post how your routers are connected. Post a schematic drawing indicating the physical connectivity (e.g. are the iBGP routers peering through the OSPF routers)...
06-22-2019 01:14 AM
Hello Kumar,
given your network topology:
>> A (pair) < eBGP > B(pair) <iBGP>C (pair) < OSPF stub area> D (pair)
my understanding is that each pair means two routers in each section.
However, if there are no connections to C routers C1 and C2 to a standard OSPF area you don't need mutual redistribution of OSPF into BGP and of BGP into OSPF.
In the stub area external routes are not allowed and routers C1 and C2 can act as ABR(0,stub-area) and they will inject a default route as an O IA route 0.0.0.0/0.
So if the only routers in area 0 are C1 and C2 and they both have an iBGP session with B1 and B2 routers the scenario can be supported with no redistribution of BGP into OSPF.
I can guess you currently have iBGP sessions between C1-B1 and between C2-B2.
You should just add two iBGP sessions C1-B2 and C2-B1 and you should be fine without any form of redistribution of BGP into OSPF. The additional iBGP sessions provide redundancy.
At this point you just need to redistribute OSPF into BGP in both C1 and C2 routers to propagate these prefixes to B1, B2 routers.
Hope to help
Giuseppe
06-22-2019 08:24 AM - edited 06-22-2019 08:45 AM
06-22-2019 09:19 AM
Hello Sateesh,
looking at your network diagram I suggest the following:
have OSPF in area 0 running between devices RR and C1 and C2.
Configure iBGP sessions C1 to RR1 C1 to RR2, C2 to RR2 and C2 to RR1 using update-source loop0.
On devices C1, C2 the ones that need to be configured you just need to redistribute OSPF into BGP.
route-map OSPF-into-BGP
set community 65000:1 additive
set tag 1000
router bgp <your-AS-number>
neighbor <RR1-ip-address> remote-as <your-AS-number> update-source loop0
neighbor <RR2-ip-address> remte-as <your-AS-number> update-source loop0
redistribute ospf <ospf-process-id> route-map OSPF-into-BGP
in OSPF you need to advertise the loop0 interfaces in area 0 on all RR1, RR2, C1, C2 routers
C1 router will be an ABR (0, stub-area)
router ospf 10
network 172.16.20.3 0.0.0.0 area 0
network 172.16.34.0 0.0.0.255 area 0
network 172.18.0.0. 0.0.255.255 area 5
area 5 stub
The same on C2:
C1 router will be an ABR (0, stub-area)
router ospf 10
network 172.16.20.4 0.0.0.0 area 0
network 172.16.34.0 0.0.0.255 area 0
network 172.18.0.0. 0.0.255.255 area 5
area 5 stub
Note:
I have supposed C1:loop0 IP address is 172.16.20.3/32 and C2:loop0 IP address is 172.16.20.4/32
I have then supposed that all links between RR1, RR2 and C1,C2 are included within 172.16.34.0/24 and are in area 0.
The network 172.18.0.0/16 represent interfaces in stub area. I have used area 5 as the stub area.
Hope to help
Giuseppe
06-22-2019 10:10 AM
Hi Giuseppe,
have OSPF in area 0 running between devices RR and C1 and C2 - Why we need to have RR in AREA 0? instead i can have loop 0 in C1 & C2 in AREA 0, OSPF ends in C1 and C2 only.
RR - C1/C2 < Loop back Area0 and Stub network in Area 5?
Out of this topic question, just i was going through some article they mentioned need bgp redistribute-internal do we really need this command in our scenarion?
Like in other IGP to IGP redistribution the behavior is different when redistributing IBGP into OSPF. IBGP learned routes are not forwarded to an IGP routing protocol through the redistribute command. Use command “bgp redistribute-internal” under the BGP process on the redistributing router.
By default iBGP redistribution into IGP is disabled.
Route redistribution is used to propagate routes learned using one protocol into another routing protocol. Redistribution of dynamically learned Interior Gateway Protocol (IGP) routes into Border Gateway Protocol (BGP) is not recommended. When Open Shortest Path First (OSPF) is redistributed into Border Gateway Protocol (BGP), only the inter-area and intra-area routes get redistributed. Issuing the redistribute command by itself does not result in redistribution of OSPF external or Not-So-Stubby Area (NSSA)-external routes into BGP.
Thanks
06-22-2019 10:48 PM - edited 06-22-2019 10:58 PM
Hello Sateesh,
the reason for using OSPF area 0 also on RR1 and RR2 is to make them advertise in OSPF their own loop0 IP addresses.
In this way you can build iBGP sessions based on loopbacks on all 4 devices with OSPF providing connectivity between BGP endpoints addresses.
I would recommend this setup instead of having static routes involved to reach loopback addresses.
The C1 and C2 network devices will be ABR = Area Border Routers between area 0 the backbone area and area 5 the stub area.
The C1 and C2 will have links in area 0 to RR1, RR2 and one between them.
The C1 and C2 devices will have other interfaces in area 5 stub to act as ABR for area 5 sending a single LSA type 3 for 0.0.0.0/0 and blocking all OSPF external routes LSA type 5 from entering area 5 stub.
This is the reason why you can avoid mutual redistribution.
If no other network devices are in OSPF area 0, but only RR1, RR2, C1 and C2 there is no need to redistribute iBGP into OSPF.
and yes if you want to redistribute iBGP into OSPF you need the command
router bgp <your ASnum>
bgp redistribute-internal
However, this would increase the complexity as it will become mutual redistribution between OSPF and iBGP on two devices C1 and C2 with the need to control redistribution using route tags on OSPF side and BGP community on BGP side to avoid re-injection.
In your case mutual redistribution can be avoided and you can use a simpler solution.
Edit:
OSPF external routes can be redistributed into BGP with additional commands.
In your network scenario all your OSPF routes coming from area 5 are inter area routes so you should be fine.
Hope to help
Giuseppe
06-22-2019 11:08 PM
Thanks.
but if we use P2P links for ibgp nei then we don’t require to run OSPF on RR?
if I want RIP in the same instead OSPF how the config looks in C ROUTERS , even I want to simulate RIP also :)
regards
kumar
06-22-2019 11:31 PM
Hello Kumar,
if you want to use p2p links also as iBGP endpoints you can avoid to run OSPF on RR1 and RR2.
However, C1 and C2 need to be connected to area 0 to behave as ABR nodes.
So the network commands for p2p links between C1 and RR1, C1 and RR2, C2 and RR1 and C2 and RR2 should be in area 0 and I would add a p2p link between C1 and C2 in area 0.
Using RIP ?
Not recommended in production it is too slow in convergence.
Also with RIP you have no area concept no distinction between internal routes and external routes and RIPv2 support only 16 bit integer route tags.
Hope to help
Giuseppe
06-23-2019 07:23 AM
06-23-2019 08:56 AM - edited 06-23-2019 09:25 AM
Hello Kumar,
if you need to run RIP and RIPv2 is supported you can still avoid mutual redistribution between iBGP and RIP by doing the following:
On RR1, RR2 you can under router bgp commands to send a default route to C1,C2
router bgp <your AS number>
neighbor C1 default-originate
neighbor C2 default-originate
on C1, C2
router rip
version 2
no auto-summary
network 172.16.0.0
network 172.18.0.0
default-information originate
route-map RIP-into-BGP permit 10
set community 65000:1 additive
router bgp
redistribute rip route-map RIP-into-BGP
Edit:
Here the idea is to "emulate OSPF stub area" having RIP routers C1 and C2 to generate a default route in RIP conditioned on receiving a default route in iBGP from RR1 or RR2.
This way mutual redistribution is avoided.
Let me know if this is fine for your network scenario.
Hope to help
Giuseppe
06-23-2019 10:19 AM - edited 06-23-2019 09:21 PM
Thanks Giuseppe and appropriated your quick response.
If originate default route in RIP and redistributing into IBGP , Assuming my core router (sitting on top in the diagram) don’t get default route from D pair with below configuration ? because we are redistributing from RIP which was originated default to back BGP and from Core one more default to C1 ... assuming C1 has two defaults one is redistributed and other from RR..at the END default will win and make that as primary route?
Thanks
Kumar.
06-23-2019 11:04 AM - edited 06-23-2019 11:14 AM
Hello Kumar,
mutual redistribution is not needed if you just need to generate a default route in RIP.
Actually, as a security measure we should add the following block to route-map RIP-into-BGP to avoid re-injection of default RIP route into BGP
ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
route-map RIP-into-BGP deny 5
match address prefix ONLY-DEFAULT
route-map RIP-into-BGP permit 10
set community 65000:1
Mutual redistribution is only needed if you cannot send a default route in the RIP domain, because the default route should come from other devices.
Looking at your network diagram I think that having routers C1 and C2 to send default route to D1,D2 routers is acceptable and even recommended as RIPv2 sends a new copy of each route every 30 seconds 25 routes /RIP update packet.
So avoiding to send hundred of routes coming from BGP saves resources on RIP routers and increases the network stability.
Edit:
in the proposed solution RR1 and RR2 send a default route in iBGP regardless of having or not a default route in their local routing table.
This is achieved by BGP commands
neighbor C1 default-originate
neighbor C2 default-originate
Then C1 and C2 generate a default route in RIP only if they receive the iBGP default route from one of RR1 or RR2 or both for the RIP command
default-information originate
Hope to help
Giuseppe
06-23-2019 09:58 PM
06-25-2019 11:34 AM - edited 06-25-2019 11:36 AM
Hi Giuseppe
As soon as i enable stub area on C and D pair default route getting over written by OSPF because the default route which i am originating from BGP(top pair) to IBGP with Ad is 200 so, OSPF is winning?
Without OSPF stub area
C pair routers(config-router-ospf)#show ip route 0.0.0.0/0 (receiving from upstream which is my core)
Gateway of last resort:
B I 0.0.0.0/0 [200/0] via 1.1.1.13, Ethernet10
via 1.1.1.15, Ethernet11
As soon as I enable totally STUB area.
C Pair router#show ip rou 0.0.0.0/0 (receiving from downstream)
Gateway of last resort:
O IA 0.0.0.0/0 [110/24] via 1.1.1.21, Ethernet14
via 1.1.1.25, Ethernet15
This is happening without redistribution itself, may be do i need DENY default while redistribute?
Thanks
Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide