03-17-2022 03:09 PM
Hello,
I’m working with a 5-office WAN and all sites are using BGP to exchange routing information. At the Main site and the DR site, I have firewalls that don’t run BGP so I’m using OSPF on those. The firewalls are configured so that when the Internet is detected as up, the default route will be advertised. At both the Main site and DR, I have L3 switches peered with the firewalls and the switches receive the OSPF default routes properly. I have the DR default route configured with a metric of 254 so it will be less preferred.
The goal is to have all sites, even DR, use the Internet connection at the Main site when it’s up and then have all sites use the DR Internet if the main connection goes down. If I start off with both firewalls advertising default routes via OSPF to the L3 switches, everything is good. The L3 switch at Main receives the OSPF default route from the Main firewall, it gets redistributed into BGP, and the L3 switch at DR (and all of the other sites) see that default route coming from Main and their Internet traffic flows out that way. When I take down the Main Internet connection, the OSPF default route kicks in like it should and it gets redistributed via BGP. All of the sites see the new default route coming from the DR site and all of the Internet traffic flows out the DR Internet connection.
Now here’s where I have my problem. When I restore the Main Internet connection, Main and all of the sites except DR see the default route coming from Main and their Internet traffic flows out the Main Internet connection again. However, on the L3 switch at DR, I see that device holding on to the OSPF default route coming from the DR firewall and so the DR site continues to send its Internet traffic out the DR Internet connection. If I go into the DR firewall and tell it to stop advertising the OSPF default route, and then toggle it back on to advertise to reset everything, then the DR site sees the Main default route and things are back to normal.
I’m still learning my way through the finer points of BGP but here’s what I THINK is happening.
When I’m starting from scratch, the DR L3 switch will have two default routes - one learned from BGP with an AD of 20 and one learned from OSPF with an AD of 110. So the BGP default route gets installed into the routing table and everything is good. That eBGP learned route has a weight of 0. When I take down the Main Internet, that eBGP default route goes away and the OSPF default route gets installed in the table and then redistributed into BGP. BGP sees a redistributed route as locally generated and gives it a weight of 32768. When I restore the Main Internet connection, the Main default route from OSPF will get redistributed into BGP and the DR L3 switch will pick it up again but it will still have a weight of 0 and so it won’t replace the locally generated route with the weight of 32768.
I’m hoping someone here can tell me if I’m on the right track with my thinking and if so, how might I go about tweaking things so that the Main OSPF default route that is redistributed into BGP is always preferred over the DR OSPF default route that gets redistributed into BGP.
Thank you for taking the time to read this!
Daniel
03-17-2022 04:03 PM
Read this doc. It will help you to solve the issue.
03-17-2022 09:41 PM
Hi MHM,
Thanks for providing that link! I tried the following in my config:
! prefixes that should receive the higher weight
ip prefix-list NETWORKS permit 0.0.0.0/0
ip prefix-list NETWORKS permit 192.168.17.0/24
!
route-map FROM-WAN permit 10
 match ip address prefix-list NETWORKS
 set weight 40000
! no match clause: every other prefix is accepted unchanged
route-map FROM-WAN permit 20
!
router bgp 65000
 neighbor 192.168.1.2 route-map FROM-WAN in
When I applied that new route-map and did a soft reset on the BGP in, I did see the weight change to 40000 for the 192.168.17.0/24 route but the weight on the 0.0.0.0/0 default route remained at 0. Is there something special I would need to do in order to manipulate the weight on that default route that is coming in from the WAN?
Thank you!
Daniel
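A simplified model of the DR switch's choice for 0.0.0.0/0, added here as an example and not part of the thread: it replays the failover sequence from the first post, then the case where the inbound weight of 40000 from the config above is assumed to apply to the default route. Only administrative distance, weight and the locally-originated tie-break are modelled; all function and variable names are hypothetical.

```python
from dataclasses import dataclass

AD = {"ebgp": 20, "ospf": 110}   # administrative distances quoted in the thread
LOCAL_WEIGHT = 32768             # weight given to a locally originated BGP path

@dataclass(frozen=True)
class Path:
    source: str   # "ebgp" = default from Main over the WAN, "local" = redistributed OSPF
    weight: int

def dr_default_route(main_up, dr_fw_up, rib_owner, inbound_weight=0):
    """One convergence pass on the DR switch; returns the protocol owning 0.0.0.0/0."""
    paths = []
    if main_up:
        paths.append(Path("ebgp", inbound_weight))
    # Redistribution originates a local BGP path only while OSPF owns the RIB entry.
    if dr_fw_up and rib_owner == "ospf":
        paths.append(Path("local", LOCAL_WEIGHT))
    # Highest weight wins; on a tie the locally originated path is preferred.
    best = max(paths, key=lambda p: (p.weight, p.source == "local"), default=None)
    candidates = {}
    if dr_fw_up:
        candidates["ospf"] = AD["ospf"]
    # BGP offers a path to the RIB only when its best path is the eBGP one.
    if best is not None and best.source == "ebgp":
        candidates["ebgp"] = AD["ebgp"]
    return min(candidates, key=candidates.get, default=None)

def replay(events, inbound_weight=0):
    """Replay (main_up, dr_fw_up) events; return the RIB owner after each one."""
    owner, history = None, []
    for main_up, dr_fw_up in events:
        for _ in range(2):  # second pass lets redistribution react to the first
            owner = dr_default_route(main_up, dr_fw_up, owner, inbound_weight)
        history.append(owner)
    return history

# Constructed event sequence following the first post: both up, Main Internet down,
# Main restored, DR firewall advertisement toggled off, then back on.
SEQUENCE = [(True, True), (False, True), (True, True), (True, False), (True, True)]

if __name__ == "__main__":
    print(replay(SEQUENCE))                            # eBGP path keeps weight 0
    print(replay(SEQUENCE[:3], inbound_weight=40000))  # assumed: weight applies to 0.0.0.0/0
```

In the model the third event leaves OSPF owning the route when the eBGP path has weight 0, and returns it to eBGP once the received path's weight exceeds 32768.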
03-18-2022 06:21 AM
show ip prefix-list detail
Can you see that both prefixes appear and get hits?
03-18-2022 05:21 AM
Hi
I was trying to understand your scenario, and sorry for asking questions instead of writing a solution, but I got confused by some of the information you shared.
"I’m still learning my way through the finer points of BGP but here’s what I THINK is happening..."
"When I’m starting from scratch, the DR L3 switch will have two default routes - one learned from BGP with an AD of 20"
Learned from where? If I understood correctly, you have OSPF between Core and Firewall and BGP between Core and Sites. Correct? So, where does this default route come from using BGP? From the Main site?
Are you sure? If you run the command 'show ip route' on the DR, do you see it? Or if you run 'show ip bgp neighbors x.x.x.x advertised-routes' on the Main site, does it send a default route in the BGP update?
"and one learned from OSPF with an AD of 110."
That's OK. If you manually created a static route on the firewall and redistributed it into OSPF, then your Core will receive a route:
Something like O*E2 0.0.0.0/0 [110/1] via x.x.x.x interface x/x
"So the BGP default route gets installed into the routing table and everything is good."
I was wondering if you have the command 'ip route ' on the core. Otherwise, I still don't get where it gets this route from.
"That eBGP learned route has a weight of 0."
"When I take down the Main Internet, that eBGP default route goes away and the OSPF default route gets installed in the table and then redistributed into BGP."
This makes me suppose that the default route learned on BGP comes from the ISP?
I don't believe the firewall speaks OSPF with the ISP. If the ISP goes down, how can the firewall know it and take action? The interface facing the ISP does not participate in the OSPF network, so this way there will be no convergence after that.
Do you have some Border internet?
"BGP sees a redistributed route as locally generated and gives it a weight of 32768."
"When I restore the Main Internet connection, the Main default route from OSPF will get redistributed into BGP and the DR L3 switch will pick it up again but it will still have a weight of 0 and so it won’t replace the locally generated route with the weight of 32768."
Sorry if I confused things more, but I was trying to understand in order to help. It would be great if you could share the topology and maybe some configuration and show commands.