cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1014
Views
5
Helpful
10
Replies

Routing iBGP instead of EIGRP, config help

milan.bako
Level 1
Level 1

Hi,

 

we would like to change our Routing protocol and using BGP (iBGP) instead of EIGRP.  I have done some configuration but I am not sure that will work after I turn off EIGRP. (I am quiet sure it wont work.)

Can you please help me to solve this? I think I might have a problem with the routing regarding the Gi interfaces connected each other. (Which were in EIGRP no passive-interfaces)

 

First please ignore the links to R0 and R4. First I would like to have a config working between R1, R2, R3.

 

This is what we have:

 

R1:

interface Loopback0
ip address 10.18.253.24 255.255.255.255
!
interface GigabitEthernet0/0/4

description to R2
ip address 10.18.253.46 255.255.255.252

!

interface GigabitEthernet0/0/5
description R1-LOCAL
ip address 10.18.253.178 255.255.255.248
standby 1 ip 10.18.253.179
...
interface GigabitEthernet0/0/11

description to R0
ip address 10.18.253.90 255.255.255.252
!
router eigrp 1
network 10.18.253.24 0.0.0.0
network 10.18.253.44 0.0.0.3
network 10.18.253.88 0.0.0.3
network 10.18.253.176 0.0.0.7
redistribute static
passive-interface default
no passive-interface GigabitEthernet0/0/4
no passive-interface GigabitEthernet0/0/11
eigrp router-id 10.18.253.24
!
ip route 10.88.0.0 255.255.128.0 10.18.253.181
ip route 10.88.128.0 255.255.192.0 10.18.253.182
ip route 10.88.192.0 255.255.192.0 10.18.253.181
ip route 172.25.0.0 255.255.224.0 10.18.253.181
ip route 172.25.32.0 255.255.224.0 10.18.253.182
ip route 172.25.64.0 255.255.255.0 10.18.253.182
ip route 172.25.65.0 255.255.255.0 10.18.253.182
ip route 172.25.66.0 255.255.255.0 10.18.253.181
ip route 172.25.255.0 255.255.255.0 10.18.253.181
!

 

My BGP config on R1:

router bgp 64646
bgp log-neighbor-changes
network 10.18.253.24 mask 255.255.255.255
network 10.18.253.44 mask 255.255.255.252
network 10.18.253.88 mask 255.255.255.252
network 10.18.253.176 mask 255.255.255.248
redistribute static
neighbor 10.18.253.25 remote-as 64646
neighbor 10.18.253.25 update-source Loopback0
neighbor 10.18.253.25 route-reflector-client
!

 

R2:

interface Loopback0
ip address 10.18.253.25 255.255.255.255
!
interface GigabitEthernet0/0/4

description to R1
ip address 10.18.253.45 255.255.255.252
!
interface GigabitEthernet0/0/5
description R2-LOCAL
ip address 172.23.252.5 255.255.224.0
standby 1 ip 172.23.252.1
...
!
interface GigabitEthernet0/0/11

description to R3
ip address 10.18.253.85 255.255.255.252
!
router eigrp 1
network 10.18.253.25 0.0.0.0
network 10.18.253.44 0.0.0.3
network 10.18.253.84 0.0.0.3
network 172.23.224.0 0.0.31.255
redistribute static
passive-interface default
no passive-interface GigabitEthernet0/0/4
no passive-interface GigabitEthernet0/0/11
eigrp router-id 10.18.253.25
!
ip default-gateway 172.23.252.1
ip route 10.23.0.0 255.255.0.0 172.23.252.253
ip route 10.80.0.0 255.255.128.0 172.23.252.254
ip route 10.80.128.0 255.255.192.0 172.23.252.253
ip route 10.80.192.0 255.255.192.0 172.23.252.254
ip route 172.23.0.0 255.255.0.0 172.23.252.254
!

 

My BGP config on R2:

router bgp 64646
bgp log-neighbor-changes
network 10.18.253.25 mask 255.255.255.255
network 10.18.253.44 mask 255.255.255.252
network 10.18.253.84 mask 255.255.255.252
network 172.23.224.0 mask 255.255.224.0
redistribute static
neighbor 10.18.253.24 remote-as 64646
neighbor 10.18.253.24 update-source Loopback0
neighbor 10.18.253.24 route-reflector-client
neighbor 10.18.253.26 remote-as 64646
neighbor 10.18.253.26 update-source Loopback0
neighbor 10.18.253.26 route-reflector-client
!

 

R3:

interface Loopback0
ip address 10.18.253.26 255.255.255.255
!
interface GigabitEthernet0/0/4
description to R4
ip address 10.18.253.50 255.255.255.252
!
interface GigabitEthernet0/0/5
description R3-LOCAL
ip address 172.23.252.6 255.255.224.0
standby 1 ip 172.23.252.1

...
!
interface GigabitEthernet0/0/11
description to R2
ip address 10.18.253.86 255.255.255.252
!
router eigrp 1
network 10.18.253.26 0.0.0.0
network 10.18.253.48 0.0.0.3
network 10.18.253.84 0.0.0.3
network 172.23.224.0 0.0.31.255
redistribute static
passive-interface default
no passive-interface GigabitEthernet0/0/4
no passive-interface GigabitEthernet0/0/11
eigrp router-id 10.18.253.26
!
ip default-gateway 172.23.1.20
ip route 10.23.0.0 255.255.0.0 172.23.252.253
ip route 10.80.0.0 255.255.128.0 172.23.252.254
ip route 10.80.128.0 255.255.192.0 172.23.252.253
ip route 10.80.190.0 255.255.255.0 172.23.252.254
ip route 10.80.192.0 255.255.192.0 172.23.252.254
ip route 172.23.0.0 255.255.0.0 172.23.252.254
!

 

My BP config on R3:

router bgp 64646
bgp log-neighbor-changes
network 10.18.253.26 mask 255.255.255.255
network 10.18.253.48 mask 255.255.255.252
network 10.18.253.84 mask 255.255.255.252
network 172.23.224.0 mask 255.255.224.0
redistribute static
neighbor 10.18.253.25 remote-as 64646
neighbor 10.18.253.25 update-source Loopback0
neighbor 10.18.253.25 route-reflector-client
!

 

////// show ip bgp //////

 

R1#show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 10.18.253.24/32 0.0.0.0 0 32768 i
r>i 10.18.253.25/32 10.18.253.25 0 100 0 i
r>i 10.18.253.26/32 10.18.253.26 0 100 0 i
* i 10.18.253.44/30 10.18.253.25 0 100 0 i
*> 0.0.0.0 0 32768 i
r>i 10.18.253.48/30 10.18.253.26 0 100 0 i
r>i 10.18.253.84/30 10.18.253.25 0 100 0 i
*> 10.18.253.88/30 0.0.0.0 0 32768 i
*> 10.18.253.176/29 0.0.0.0 0 32768 i
r>i 10.23.0.0/16 172.23.252.253 0 100 0 ?
r>i 10.80.0.0/17 172.23.252.254 0 100 0 ?
r>i 10.80.128.0/18 172.23.252.253 0 100 0 ?
r>i 10.80.190.0/24 172.23.252.254 0 100 0 ?
r>i 10.80.192.0/18 172.23.252.254 0 100 0 ?
*> 10.88.0.0/17 10.18.253.181 0 32768 ?
*> 10.88.128.0/18 10.18.253.182 0 32768 ?
*> 10.88.192.0/18 10.18.253.181 0 32768 ?
r>i 172.23.0.0 172.23.252.254 0 100 0 ?
r>i 172.23.224.0/19 10.18.253.25 0 100 0 i
*> 172.25.0.0/19 10.18.253.181 0 32768 ?
*> 172.25.32.0/19 10.18.253.182 0 32768 ?
*> 172.25.64.0/24 10.18.253.182 0 32768 ?
*> 172.25.65.0/24 10.18.253.182 0 32768 ?
*> 172.25.66.0/24 10.18.253.181 0 32768 ?
*> 172.25.255.0/24 10.18.253.181 0 32768 ?

 

R2#show ip bgp

Network Next Hop Metric LocPrf Weight Path
r>i 10.18.253.24/32 10.18.253.24 0 100 0 i
*> 10.18.253.25/32 0.0.0.0 0 32768 i
r>i 10.18.253.26/32 10.18.253.26 0 100 0 i
*> 10.18.253.44/30 0.0.0.0 0 32768 i
* i 10.18.253.24 0 100 0 i
r>i 10.18.253.48/30 10.18.253.26 0 100 0 i
*> 10.18.253.84/30 0.0.0.0 0 32768 i
* i 10.18.253.26 0 100 0 i
r>i 10.18.253.88/30 10.18.253.24 0 100 0 i
r>i 10.18.253.176/29 10.18.253.24 0 100 0 i
*> 10.23.0.0/16 172.23.252.253 0 32768 ?
* i 172.23.252.253 0 100 0 ?
*> 10.80.0.0/17 172.23.252.254 0 32768 ?
* i 172.23.252.254 0 100 0 ?
*> 10.80.128.0/18 172.23.252.253 0 32768 ?
* i 172.23.252.253 0 100 0 ?
r>i 10.80.190.0/24 172.23.252.254 0 100 0 ?
*> 10.80.192.0/18 172.23.252.254 0 32768 ?
* i 172.23.252.254 0 100 0 ?
r>i 10.88.0.0/17 10.18.253.181 0 100 0 ?
r>i 10.88.128.0/18 10.18.253.182 0 100 0 ?
r>i 10.88.192.0/18 10.18.253.181 0 100 0 ?
*> 172.23.0.0 172.23.252.254 0 32768 ?
* i 172.23.252.254 0 100 0 ?
*> 172.23.224.0/19 0.0.0.0 0 32768 i
* i 10.18.253.26 0 100 0 i
r>i 172.25.0.0/19 10.18.253.181 0 100 0 ?
r>i 172.25.32.0/19 10.18.253.182 0 100 0 ?
r>i 172.25.64.0/24 10.18.253.182 0 100 0 ?
r>i 172.25.65.0/24 10.18.253.182 0 100 0 ?
r>i 172.25.66.0/24 10.18.253.181 0 100 0 ?
r>i 172.25.255.0/24 10.18.253.181 0 100 0 ?

 

R3#show ip bgp

Network Next Hop Metric LocPrf Weight Path
r>i 10.18.253.24/32 10.18.253.24 0 100 0 i
r>i 10.18.253.25/32 10.18.253.25 0 100 0 i
*> 10.18.253.26/32 0.0.0.0 0 32768 i
r>i 10.18.253.44/30 10.18.253.25 0 100 0 i
*> 10.18.253.48/30 0.0.0.0 0 32768 i
* i 10.18.253.84/30 10.18.253.25 0 100 0 i
*> 0.0.0.0 0 32768 i
r>i 10.18.253.88/30 10.18.253.24 0 100 0 i
r>i 10.18.253.176/29 10.18.253.24 0 100 0 i
* i 10.23.0.0/16 172.23.252.253 0 100 0 ?
*> 172.23.252.253 0 32768 ?
* i 10.80.0.0/17 172.23.252.254 0 100 0 ?
*> 172.23.252.254 0 32768 ?
* i 10.80.128.0/18 172.23.252.253 0 100 0 ?
*> 172.23.252.253 0 32768 ?
*> 10.80.190.0/24 172.23.252.254 0 32768 ?
* i 10.80.192.0/18 172.23.252.254 0 100 0 ?
*> 172.23.252.254 0 32768 ?
r>i 10.88.0.0/17 10.18.253.181 0 100 0 ?
r>i 10.88.128.0/18 10.18.253.182 0 100 0 ?
r>i 10.88.192.0/18 10.18.253.181 0 100 0 ?
* i 172.23.0.0 172.23.252.254 0 100 0 ?
*> 172.23.252.254 0 32768 ?
* i 172.23.224.0/19 10.18.253.25 0 100 0 i
*> 0.0.0.0 0 32768 i
r>i 172.25.0.0/19 10.18.253.181 0 100 0 ?
r>i 172.25.32.0/19 10.18.253.182 0 100 0 ?
r>i 172.25.64.0/24 10.18.253.182 0 100 0 ?
r>i 172.25.65.0/24 10.18.253.182 0 100 0 ?
r>i 172.25.66.0/24 10.18.253.181 0 100 0 ?
r>i 172.25.255.0/24 10.18.253.181 0 100 0 ?

 

I hope this is enough information to understand the concept here to help me out.

When not, just please ask so I can provide more.

 

Thank you in advance and regards,

Milan

10 Replies 10

It looks like you are binding BGP to a loopback interface which is fine. The problem is you won't have any way for your BGP neighbors to find that loopback interface unless you have some kind of interior routing protocol. You could use static routes for that, but that would be a big administrative burden. Just curious, but why are you moving away from EIGRP? I have had a few customers use BGP internally, but most use some sort of IGP (EIGRP, OSPF) in combination with BGP.

Hi Elliot,

 

thank you for your reply.

 

The customer wants to replace some Cisco Routers with Firewalls, and the firewalls going to speak BGP as a routing protocol.

I have tried to configure eigrp redistribution,

 

BGP R1:

router bgp 64646

neighbor 10.18.253.25 remote-as 64646
neighbor 10.18.253.25 update-source Loopback0
neighbor 10.18.253.25 route-reflector-client

redistribute eigrp 1

 

but I havent seen in "show ip bgp" for example the local Network on R1: 10.88.0.0/X on R2 or on R3.

Which means something was not good.

 

As for your solution if I am correct, than you suggest to have a static route on

R1:

ip route 10.18.253.25 255.255.255.255 GigabitEthernet0/0/4

 

R2:

ip route 10.18.253.24 255.255.255.255 GigabitEthernet0/0/4

ip route 10.18.253.26 255.255.255.255 GigabitEthernet0/0/11

 

R3:

ip route 10.18.253.25 255.255.255.255 GigabitEthernet0/0/11

 

so the BGP can find the neighbors after I have turned of the EIGRP.

 

Is this correct?

With this config would it be enough and good?

 

Regards,

Milan

 

If you have all the routing protocols off and you can ping using the source as the loopback to the destination loopback, then BGP should be able to form an adjacency. Generally the reason for using a loopback as the source address for BGP is if you have multiple paths between the neighbors. If you only have one path, you are better off using the physical interface where they meet as the peering address. That also means all the complexity of the static routes goes away too. I haven't looked in great detail at your config, but peering using the physical IP's looks like the right way to go in your situation. All IMHO, of course. I would also be really careful about redistribution, even more so if you are doing mutual redistribution. Think about how you could accomplish the routing with summaries instead of redistribution, if possible. You are less likely to create routing black holes if you do it that way.

In this case I might not have a multiple path, but on the other Routers I have. And I would like to have a "clear" configuration. So I have to use the loopback interfaces, cuz they are always up and I have also routers with multiple path.

 

My question is:

If you go a bit in details. Where you can see my EIGRP config with static redistribution.

Can I change/replace that EIGRP with the BGP config I have posted if I also configure the static routes which show my BGP neighbors as you have mentioned before?

Things look different in your latest config snippet than they did in the first config snippet you posted. In general terms, you rarely want to use redistribution into BGP. You use a "network" statement to identify what you want to advertise. If that route appear in the routers local route table, BGP will advertise it. You can override that with "no sync" in your BGP definition, but be careful with that. Before I comment too much, I'd like to understand your topology better. Are the firewalls internet facing? Are there more than one? A network diagram would be very helpful.

Hi,

 

here is the network diagram.

It is a really good question where the Firewalls will be, but I assume they are going to replace a couple of routers like R6-R13.

As for the internetfacing question I would say they are only connected via provider router so they dont really have public interfaces.

 

grafik.png

Hello @milan.bako ,

ip route 10.18.253.25 255.255.255.255 GigabitEthernet0/0/4

 

you are relying on Proxy ARP to be enabled on the other device it would be better to use an IP next-hop instead of using an exit interface of type LAN.

 

As I have written in my previous post in this thread I would consider moving from EIGRP to OSPF as underlying IGP to build and support iBGP sessions on loopbacks if you are going to a multi vendor scenario with new Firewalls.

 

Unless you have a very small network using an IGP is more appropriate and it is more manageable and self healing in case of a link failiure.

 

Hope to help

Giuseppe

 

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @milan.bako ,

your BGP configuration looks like strange.

You use the command route-reflector client everywhere.

This is not correct this command has to be used only on the route reflector side (server side only)

You will need to use route reflector servers to avoid the full mesh iBGP problem but one or two RRS will serve a common set of clients.

This is called a cluster. All RRS need to be fully meshed in iBGP with dedicated normal iBGP sessions.

 

In addition to this as already noted it is really difficult to run iBGP on loopbacks without an underlying IGP.  I would say it is highly recommended to use one.

If you are introducing Firewalls of other vendors I would suggest you to consider using OSPF to provide connectivity between loopbacks and running iBGP sessions over it.

To be noted you can run OSPF together with EIGRP without problems, EIGRP routes will be preferred but OSPF flooding will work the same and you can examine the correct OSPF propagation of LSAs using show ip ospf database commands even if no OSPF route is installed in IP routing table.

 

Final note: you see a lot of r> prefixes in show ip bgp ,  but this is normal they are just RIB failure because iBGP AD of 200 is worse then EIGRP routes AD of 90 for internal routes and 170 for EIGRP external routers (D EX).

 

Hope to help

Giuseppe

 

Hi Giuseppe,

 

thank you for your comments, I wanted to use OSPF with EIGRP as well, but the customer insist on to use BGP... (Where I am lack of experiences.)

 

Right now they have EIGRP and Static Routes... They would like to use BGP instead of the EIGRP.

What I can do is to keep EIGRP between the BGP neigbors/nodes and do every other routing via BGP.

Or as I have written earlier, if I have to disable EIGRP, then I have to use the static routes to show the routers where the neighbors (Loopbacks) are.

 

Here is the network diagram and I have configured (tried to configure) first only 3 routers, but I have to configure all.

 

grafik.png

 

As for the RR, as I have said I am lack of experience with BGP, cuz usually I use OSPF and or EIGRP, but here I dont have this option.

 

Regards,

Milan

 

It is not clear to me which devices are firewalls and which are routers based on the icons you used. I will say that using the /30 networks between the routers is a solid L3 IP design. This does go back to what I was saying about using physical interfaces instead of loopbacks. If the link between R3 and R4 is down, I would want that BGP session to drop so that R3 and R2 know R3 doesn't have a route any longer. The question then becomes how you assign the BGP ASN's to the routers. As I look at that, R0 and R1 would be an ASN (private), R2 and R3 would be an ASN, etc. Then you don't have to use route reflectors, confederations, or anything like that. BGP's normal loop prevention methods (don't send a route to an AS where the AS in question is already in the AS path) can do their jobs without anything complex. I agree with @Giuseppe Larosa  that this looks like a job for an IGP like OSPF or EIGRP, not a job for EGP like BGP. As a good consultant, I would personally try to talk the customer out of using the wrong tool for the job or at least try and understand their reasoning for wanting to use BGP.

Review Cisco Networking for a $25 gift card