08-05-2019 10:01 AM
hello
as below scenario :
Mutually OSPF Redistribute into BGP
Mutually EIGRP redistribute into BGP
i want to prevent loop in OSPF Domain
i use MATCH and SET statement in Route-map
My question is i don't know i apply it where ?
mostly i think i should use distribute-list
anyway ...please help
on R1: route-map TO_R1 deny 10 match tag 2 ! route-map TO_R1 per 20 ! exit route-map FROM_R1 per 10 set tag 1
---------------and------------------
on R2: route-map TO_R2 deny 10 match tag 1 ! route-map TO_R2 per 20 ! exit route-map FROM_R2 per set tag 2
!!!!!!!should i choose one name for my route-map :D and first statement changed to set tag
second line deny
last line per explicitly every things ?
because how i can applied two different route-map(in name) to distribute-list in OSPF ?
or Do you have any other ideas about this ?(i know we have eigrp route tag command) but here is case of OSPF
or what you think i use any tag routing during my redistribution ?
mostly i do not want route receive by R3 From R1 again comeback via R4and R2
So do you think logically i have to use route-map in My redistribution or internally it's enough ?
Solved! Go to Solution.
08-05-2019 12:07 PM
Hello cisc0.ameer,
the route-maps usig route tags match or set tags have to be used in the redistribute command:
router ospf 100
redistribute bgp 100 subnets route-map BGP-into-OSPF
!
router bgp 100
redistribute ospf 100 route-map OSPF-into-BGP
You need to decide to use values that make you remember of redistribution.
We can use route tag 89 for OSPF routes injected into BGP and route tag 179 for BGP routes injected into OSPF.
So to avoid routing loops or suboptimal routing the route-maps should be:
route-map OSPF-into-BGP deny 10
match tag 179
route-map OSPF-into-BGP permit 20
set tag 89
the logic is reversed for the route-map in the opposite redisribute direction
route-map BGP-into-OSPF deny 10
match tag 89
route-map BGP-into-OSPF permit 20
set tag 179
The same configuration has to be applied on both R1 and R2.
A similar logic can be used on R3,R4 between BGP and EIGRP
Hope to help
Giuseppe
08-05-2019 12:07 PM
Hello cisc0.ameer,
the route-maps usig route tags match or set tags have to be used in the redistribute command:
router ospf 100
redistribute bgp 100 subnets route-map BGP-into-OSPF
!
router bgp 100
redistribute ospf 100 route-map OSPF-into-BGP
You need to decide to use values that make you remember of redistribution.
We can use route tag 89 for OSPF routes injected into BGP and route tag 179 for BGP routes injected into OSPF.
So to avoid routing loops or suboptimal routing the route-maps should be:
route-map OSPF-into-BGP deny 10
match tag 179
route-map OSPF-into-BGP permit 20
set tag 89
the logic is reversed for the route-map in the opposite redisribute direction
route-map BGP-into-OSPF deny 10
match tag 89
route-map BGP-into-OSPF permit 20
set tag 179
The same configuration has to be applied on both R1 and R2.
A similar logic can be used on R3,R4 between BGP and EIGRP
Hope to help
Giuseppe
08-05-2019 02:04 PM
Hello
Just like to add if i may to @Giuseppe Larosa examples for clarity
route-map OSPF-into-BGP deny 10
match tag 179 <----BGP routes which are now ospf routes tagged with a value of 179 will be denied into bgp
route-map OSPF-into-BGP permit 20
set tag 89 <----All other ospf routes are tagged with a value of 89 will be allowed into bgp
route-map BGP-into-OSPF deny 10
match tag 89 <----Ospf routes which are now bgp routes tagged with a value of 89 will be denied into ospf
route-map BGP-into-OSPF permit 20
set tag 179 <----All other bgp routes are tagged with a value of 179 will be allowed into ospf
08-06-2019 10:47 PM
Just like to add if i may to @Giuseppe Larosa examples for clarity
too much thanks Sir for clarify , thanks
08-05-2019 11:21 PM - edited 08-05-2019 11:37 PM
Hello cisc0.ameer,
my previous example using only route tags may not work when BGP is involved. It is good for sure for mutual redistribution between two IGPs.
For BGP the BGP community attribute can take the place of the route tag.
There was a previous post thread about this specific issue.
BGP community is similar to a route tag with the added benefit that multiple BGP communities can be added to a single BGP prefix.
The logic to create the two route-maps is still the same but on the BGP side we are going to set a BGP community instead of a route tag.
router ospf 100
redistribute bgp 100 subnets route-map BGP-into-OSPF2
!
router bgp 100
redistribute ospf 100 route-map OSPF-into-BGP2
We will use BGP community 100:89 to signal BGP routes that have been originated by redistribution of OSPF into BGP.
We cannot match a community value directly so we need to define a community-list a special ACL for BGP standard communities:
ip community-list 1 permit 100:89
The configuration of the new route-maps becomes the following:
route-map OSPF-into-BGP2 deny 10
match tag 179
route-map OSPF-into-BGP2 permit 20
set community 100:89
the logic is reversed for the route-map in the opposite redistribute direction.
Now we match on community using the community list 1 defined above.
route-map BGP-into-OSPF2 deny 10
match community 1
route-map BGP-into-OSPF2 permit 20
set tag 179
This approach should work when BGP is involved.
Paul Driver has provided a clear explanation of the logic under the two route-maps.
Here there is just an update to use BGP community on the BGP side in case matching or setting a route tag is not supported or not effective.
The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.
The same configuration has to be performed on both R1 and R2 as the main reason to control mutual redistribution is the presence of two ASBR routers both performing mutual redistribution.
As noted in previous post a similar configuration can be created for routers R3,R4 where we just need to remember that EIGRP requires the setting of a default metric using the five metric components to make redistribution effective to be able to create the seed metric for EIGRP external routes.
Edit:
the use of the route-maps is really necessary if R1 and R2 have also an iBGP session between them.
If the iBGP session is not present R1 and R2 are not going to accept the routes originated by the other one because going via R3 or R4 the AS path BGP attribute will contain the BGP AS 100.
However, because also R3 and R4 are performing mutual redistribution between BGP and EIGRP without any control R3 or R4 could re-inject an original OSPF route via eBGP taking the prefix from EIGRP and in this case the BGP AS path attribute would contain only AS 200 and would be accepted on R1 or R2.
So actually the use of the route-maps is highly recommended/necessary even if no iBGP sessions between R1,R2 and R3,R4 are configured.
Hope to help
Giuseppe
08-07-2019 12:45 AM
Hello @Giuseppe Larosa first million times thanks
this answer makes more sense to me , but as you are highly skilled and professional also your answering is too , let me i ask for clearing and fully understanding some points ,[thanks in advance]
--------------------------------------------------------------
my previous example using only route tags may not work when BGP is involved. It is good for sure for mutual redistribution between two IGPs
1-You mean like my scenario one side [BGP+ospf] and other [EIGRP+BGP] connected two ASs with eBGP and also we have iBGP(with RR Server in middle)
in this scenario Will NOT Work ? Correct ?
but in previous example you said:
router ospf 100 redistribute bgp 100 subnets route-map BGP-into-OSPF ! router bgp 100 redistribute ospf 100 route-map OSPF-into-BGP
above example includes BGP !!!How compare! here we have BGP also ....
2- By
Edit: the use of the route-maps is really necessary if R1 and R2 have also an iBGP session between them.
You meant if we have an iBGP in our AS , better and suggested we use route-map
if also we have External BGP with redistribution (BGP include) should use BGP community ?
3-
If the iBGP session is not present R1 and R2 are not going to accept the routes originated by the other one because going via R3 or R4 the AS path BGP attribute will contain the BGP AS 100.
You mean:
R1 originate route : but because no iBGP connection to R2 ,THEN originate routeS, it goes through a eBGP to AS 200 and possible to come back with AS_PATH 200
and R2 accept this but in AS_PATH SEQ we have 200 [if iBGP not defined]
4-
So actually the use of the route-maps is highly recommended/necessary even if no iBGP sessions between R1,R2 and R3,R4 are configured.
if we have iBGP also we have iBGP Loop prevention mechanism (AS_PATH)
and in AS for example 100 if together we have OSPF as IGP and iBGP we can refer to first example
5- this not clear for me what's mean by possible redistribution
The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.
thanks many from You and other experts participated in.
08-07-2019 01:22 AM - edited 08-07-2019 01:24 AM
Hello cisc0.ameer,
I apologize for the possible confusion I have created here with two posts telling different things.
when BGP is involved using BGP community is the safer way to make controlled redistribution as some users have reported issues trying to use route tags on the BGP side ( I don't remember exactly if one of the two commands match tag or set tag was not supported when the route-map was applied to BGP in redistribution or BGP was not honoring the route tags, in any case I had provided an alternate solution using BGP community instead of route tags in that thread).
when I have written my first post in this thread I didn't remenber about this possible issue.
Many years ago I have tested a scenario like yours for a customer with OSPF - BGP - BGP - EIGRP involved and multiple routers used as ASBR nodes.
I think I have used BGP community in that case to make it working but it was 16 years ago.
>> above example includes BGP !!!How compare! here we have BGP also
I can make errors as any human being for this reason I have written the second post to point out possible issues of first proposed solution.
I would suggest you if you can to test both solutions and report issues ( if any) using route tags only.
About points 2) and 3) I have made some considerations but my final considerations is that we still need to use route-maps so I will not go in detail on this. I could have skipped these sentences.
>> if also we have External BGP with redistribution (BGP include) should use BGP community ?
As I have explained above it should be safer to use BGP community.
4) my final consideration I would use route-maps in this scenario even if iBGP sessions are not present.
5)
The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.
Here with examing for possible redistribution I mean the router activity to process the BGP routes during redistribution into OSPF = inside the
redistribute route-map BGP-into-OSPF2 subnets
context.
To be noted redistribution is a dynamic process, routes are re-examined from time to time to see if any change has occurred.
I apologize for having written too many unnecessary comments to my second post that can create confusion.
Hope to help
Giuseppe
08-07-2019 07:18 AM
@Giuseppe Larosa sir please Don't say like this this is your Favor and also magnanimity
----------------------------------------------------------------
when BGP is involved using BGP community is the safer way to make controlled redistribution as some users have reported issues trying to use route tags on the BGP side ( I don't remember exactly if one of the two commands match tag or set tag was not supported when the route-map was applied to BGP in redistribution or BGP was not honoring the route tags, in any case I had provided an alternate solution using BGP community instead of route tags in that thread).
Oh ! I see ... Yes SET or Match cause problem using for BGP , i see
I think I have used BGP community in that case to make it working but it was 16 years ago.
Oh! that time i was baby i think :D
I can make errors as any human being for this reason I have written the second post to point out possible issues of first proposed solution.
No it was perfect Idea for me also ,
I apologize for having written too many unnecessary comments to my second post that can create confusion
Sir , it is really help ful for me
thanks again
regards
08-06-2019 10:46 PM
router ospf 100 redistribute bgp 100 subnets route-map BGP-into-OSPF ! router bgp 100 redistribute ospf 100 route-map OSPF-into-BGP So to avoid routing loops or suboptimal routing the route-maps should be: route-map OSPF-into-BGP deny 10 match tag 179 route-map OSPF-into-BGP permit 20 set tag 89 route-map BGP-into-OSPF deny 10 match tag 89 route-map BGP-into-OSPF permit 20 set tag 179
Yes , Yes i was looking for this
08-06-2019 11:01 PM
Hello cisc0.ameer,
look also at my second post in this thread.
Because BGP is involved in that second post I provide an alternate solution using BGP community instead of route tags on BGP side.
Some users have reported issues with BGP and route tags in redistribution I have remembered of this only in a second moment.
thanks for your kind remarks
Hope to help
Giuseppe
08-05-2019 12:16 PM
You need to apply the route-map at AS border routers. example below will help you.
08-06-2019 11:03 PM
hello sir @balaji.bandi
Yes, it's useful thanks for mentioning
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide