04-08-2019 05:01 AM - edited 04-08-2019 05:40 AM
Hi,
I've got a BGP LAN and need to connect several L3 OSPF devices with Client-Networks. For the incoming routes I do a redistribution from OSPF (Client-Networks) to BGP and 50% of the work is done. If someone creates a new VNI the LAN automatically learns that in BGP (from OSPF). Now from the BGP routes down to the L3 Device I need some intelligent way to handle this:
Rules: I don't want to learn every route on the network (in OSPF on my end-side). I only have to learn my next hop, the "big" BGP Router (Default Route to the Point to Point interface) - and I want to learn that route dynamically because the L3 has dual Uplinks to a pair of BGP Routers and I don't want to create many config variables for every L3 OSPF device. Sometimes one or more other L3 are connected in a row in OSPF.
What is the best way to fulfill these needs in the BGP/OSPF router? If I apply two static default routes on the L3 OSPF device and point to the BGP router p2p interface IP it works fine - but statically, and I have to change the L3 Device.
Thanks for suggestions
04-08-2019 06:17 AM
I can think of a couple of different solutions:
1) Make the BGP/OSPF Router act as an OSPF ABR (Area Border Router - including an interface in Area 0) and configure the OSPF domain in a non-zero area as Stub or Totally Stub (or NSSA if it is required). This will make the Router generate a Type 3 LSA 0.0.0.0 as Default Route which will be advertised to the rest of the OSPF domain.
or
2) From the BGP/OSPF Router, manually advertise the Default Route into the OSPF domain using the "default-information originate" command.
Make BGP advertise only a Default Route to your BGP/OSPF Router, then you won't need Static Routes.
HTH
04-08-2019 07:09 AM - edited 04-08-2019 08:00 AM
Thanks!
1) My question: How can I "create" area 0/backbone locally on the BGP/OSPF Router and configure the Downlink in an NSSA with default originate? Currently I have only one Zone and one Interface where I can play with because I've got BGP on the Core.
2) The Default Route in BGP/LAN points to the firewall/Internet and will not help if I apply a route-map with the redistribution.
I will invest some time in testing version1 :)
Thanks
04-08-2019 09:12 AM - edited 04-08-2019 09:12 AM
No problem!
1) Create a loopback on the BGP/OSPF Router and configure it in OSPF Area 0. This will make the Router act as an ABR since it now has an interface in UP state in Area 0 (that loopback). The Downlink can be in any non-zero area and be configured as NSSA or Totally NSSA.
Take into consideration that:
The ABR for the NSSA generates the 0.0.0.0 route, but not by default.
To force the ABR to generate the default route, add the "default-information originate" parameter.
area <area id> nssa default-information originate
The ABR generates the 0.0.0.0 route by default. The "no-summary" specifies it is Totally NSSA.
area <area id> nssa no-summary
Remember the Area type (NSSA) needs to match in the OSPF configuration of the ABR and the downstream L3 device.
2) If some other device in BGP is already advertising a 0.0.0.0 route, you may consider advertising a summarized route instead from your "big" BGP Router to your BGP/OSPF Router.
HTH.
04-08-2019 09:50 AM
Hello
If you are advertising a default into OSPF from two BGP routers then I guess you want a preference on which default to use, so you could advertise the default with differing metric types.
Can you post a topology diagram please?
04-08-2019 11:33 PM - edited 04-09-2019 12:49 AM
Here is the diagram.
With the Loopback in Area0 "Workaround" the LSA 3 default route comes down to the Router R3 two times (sourced R1, R2) with STUB no-autosummary. R1/R2 Routers won't learn any R3 Routes, except R2 - it learns the default route advertised by R1 (over R3) and installs it in the table because AD 110 is better than 200 (BGP AD).
I found out that all VLANs have to be directly in the OSPF Area 2 process. Redistribute connected and static won't get imported in Stub mode. So this is also fixed. The only problem now is the 2nd default route which R2 imports.
Is this a default behavior? What is the best way to solve this on R1/R2? A route-map?
And another question: When I need to implement a static route, e.g. for an ASA, I now have to implement it on R1/R2, not on R3, because static redistribution is not supported in Stub?
Thanks in advance
04-09-2019 09:08 AM
Now that I look at your topology, you can just simply configure R1, R2 and R3 in OSPF Area 0.
- For additional Routers connected to R3 (just like R4), that link can be in a non-zero Area for scalability and appropriate OSPF design using several areas instead of just growing Area 0. In that case, R3 will act as ABR and you can configure the link R3-R4 as non-zero OSPF area and (optionally) as either Stub, Totally Stub, NSSA or Totally NSSA. Remember that NSSA type areas allow you to redistribute a route (with the 'redistribute' command under OSPF process configuration section) from within that Area when Stub type areas do not. In any case, any of those area types allow advertising OSPF networks using just the 'network' command under OSPF process configuration section.
- Additional Routers that can potentially connect to R3 (let's imagine there is a need to add R5 and connect it to R3 in the future) can be configured on a different non-zero Area and be configured similarly to the R3-R4 OSPF adjacency.
- Again, the idea behind the above is to have R1/R2/R3 in Area 0 and make R3 behave as ABR to other Routers that can connect to it in the future.
If R1 and R2 reside in Area 0, you can "attract" traffic to R1 & R2 by advertising from them a default route into the OSPF domain using:
R1(config)#router ospf <OSPF_PID>
R1(config-router)#default-information originate
R2(config)#router ospf <OSPF_PID>
R2(config-router)#default-information originate
Note that in that case, for the "default-information originate" command to advertise a default route to R3, the R1 & R2 Routers need to have a default-route in their own Routing Table and be introduced into the OSPF process. If R1 & R2 are already receiving a Default Route via iBGP, you can accomplish this as follows:
R1 or R2 already have a default route in their own Routing table via iBGP
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.1.2.1 to network 0.0.0.0

B* 0.0.0.0/0 [200/0] via 10.1.2.1, 00:00:32

R1 & R2
router bgp <BGP_AS>
 bgp redistribute-internal
IMPORTANT: With the above configuration you advertise only the default route into the OSPF domain from R1 & R2. No "redistribute" is needed under OSPF configuration section on those Routers. Now, be careful since iBGP routes can now be redistributed into OSPF since "bgp redistribute-internal" is now enabled. This in some scenarios could lead to loops. It is recommended to always use route-maps to control redistributions in case you need to do so in the future.
Another option to advertise the default Route from R1 & R2 is just with:
R1(config)#router ospf <OSPF_PID>
R1(config-router)#default-information originate always
R2(config)#router ospf <OSPF_PID>
R2(config-router)#default-information originate always
Note the 'always' parameter. With this, R1 & R2 will always advertise a default route to the OSPF domain regardless of whether they have their own default route in their Routing Table, which could be lost by virtue of a failure on the BGP adjacency. This could lead to a blackhole of the traffic since R1 & R2 will always be advertising the default route and attracting the traffic of the OSPF domain.
On R1 & R2 you need to prevent the Default Route from being learned via OSPF, since it will be, due to the fact that OSPF Administrative Distance is lower than iBGP's AD.
OSPF = 110
iBGP = 200
R1 & R2
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
route-map OSPF-LOCAL-FILTER deny 10
 match ip address prefix-list DEFAULT-ROUTE
!
route-map OSPF-LOCAL-FILTER permit 100
!
!
router ospf <OSPF_ID>
 distribute-list route-map OSPF-LOCAL-FILTER in
!
Where in your topology is the ASA? Is it inside the OSPF domain or inside the BGP domain?
If your ASA sits in Area 0 (based on the above explanation), you can just redistribute or advertise its routes into the OSPF domain. If you want to continue using your current Area 2 Stub area design, why don't you change it to an NSSA type area so you can redistribute routes from within this area?
DISCLAIMER:
The configurations discussed in this post are merely templates and not final configurations that you can copy & paste to your network devices in production. You need to review, evaluate and modify the configurations at your best convenience to make sure the results are the ones you intended and introduce those changes to your network only during maintenance windows. The author of this post is not responsible for unintended consequences of failing to follow this disclaimer note.
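Added example, not part of the original post: a simplified Python model of why R2 installs the OSPF-learned default over the iBGP one (AD 110 vs 200), what the inbound distribute-list changes, and how 'always' keeps the default advertised after the BGP default is lost. The one-candidate-per-protocol model, the function names and the next-hop label "R3" are assumptions made for illustration.

```python
# Simplified model (assumption): one candidate route per protocol,
# and the lowest administrative distance wins.
AD = {"ospf": 110, "ibgp": 200}  # values quoted in the post
DEFAULT = "0.0.0.0/0"

def apply_inbound_filter(candidates, denied_prefixes):
    """Model 'distribute-list route-map ... in' under router ospf:
    denied OSPF prefixes are not offered to the routing table."""
    return [c for c in candidates
            if not (c["proto"] == "ospf" and c["prefix"] in denied_prefixes)]

def best_route(candidates, prefix):
    """Return the candidate installed for prefix (lowest AD), or None."""
    matching = [c for c in candidates if c["prefix"] == prefix]
    return min(matching, key=lambda c: AD[c["proto"]], default=None)

def originates_default(rib_default, always=False):
    """Model 'default-information originate [always]' on R1/R2:
    without 'always' a default must be present in the routing table."""
    return always or rib_default is not None

# Constructed sample: the two defaults R2 hears. 10.1.2.1 is the next hop
# from the post's 'show ip route'; "R3" is a label, not a real address.
R2_CANDIDATES = [
    {"prefix": DEFAULT, "proto": "ibgp", "via": "10.1.2.1"},
    {"prefix": DEFAULT, "proto": "ospf", "via": "R3"},
]

def r2_default(filtered):
    """Default route R2 installs, with or without OSPF-LOCAL-FILTER."""
    cands = R2_CANDIDATES
    if filtered:
        cands = apply_inbound_filter(cands, {DEFAULT})
    return best_route(cands, DEFAULT)

if __name__ == "__main__":
    print("no filter  :", r2_default(False))
    print("with filter:", r2_default(True))
    # BGP adjacency down: no default left in the routing table.
    print("originate, no 'always':", originates_default(None))
    print("originate, 'always'   :", originates_default(None, always=True))
```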
04-10-2019 01:40 AM - edited 04-10-2019 01:47 AM
Hello
OSPF
Another alternative would be to just keep it as simple as possible and have all routers in the one OSPF domain, with R1-R2 advertising a default route into OSPF with metric-type preference on the default. Any redistribution of future statics can be accomplished without changing to non-backbone areas.
These default routes can be based on the BGP defaults you're receiving from either ISP, or if you don't receive defaults then they can be based on a conditional dummy route which will be removed if reachability is lost upstream from the ISP. This will save you redistributing BGP into OSPF and provide dynamic default route failover for OSPF.
Lastly, redistribute OSPF into BGP, negating any possibility of the OSPF defaults being advertised.
Note: each OSPF peering can be point-to-point to save messing about with DR/BDR election.
BGP
Have BGP advertise only local routes to either ISP so as to make sure your own ASN doesn't become a transit path.
Attached is a sample config you may refer to.
04-09-2019 12:50 AM
Two routes with ECMP is fine and fits the needs.