cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
874
Views
5
Helpful
4
Replies

Routing OSPF & BGP

amitkulshrestha
Level 1
Level 1

Hi All, Hope you all are safe in this deadly pandemic. A new use case to discuss for our customer.

Our Customer is having below following, same is described in diagram attached: -

  • DC
  • 50 Branch location
  • Single ISP (small ISP kindly) link with NO MPLS & BGP. (ISP is having OSPF only in their environment & cannot use BGP)

Customer is asking to use dynamic routing protocol (Preferred BGP) at DC & Branch location.

Now can we have Single BGP AS number both in DC & Branches. And if yes then how & what will be required to configure at ISP end and as well our customer router ends in both DC & Branches.

If anyone can explain through configuration examples, it would be great help. If you have anything to ask, you are welcome.Thanks & take care.

 

Regards

Amit

 

 

4 Replies 4

inderdeeps
Level 4
Level 4

@amitkulshrestha : BGP is protocols where you have two different AS number between ISP and Customer ( One AS number for Branch and DC of customer)

https://www.ciscopress.com/articles/article.asp?p=2738462&seqNum=3 

BGP is protocols where you have two different AS number between ISP and Customer ( One AS number for Branch and DC of customer) --> Yes Inderdeep - aware about .. in bgp there are two different AS number, one for ISP and one for customer.

 

 

balaji.bandi
Hall of Fame
Hall of Fame

I do not see any issue related to BGP peering here, (since you are using OSPF as underlay reach each other. and BGP on top of it)

 

But  we need to address some questions here is :

 

1. is your Router connected to ISP  what is the routing protocol running. ?

2. are you using a static route?

3. what is the advantage you get here? since you are depending on the OSPF process for all the routes here with  ISP OSPF?

4. Do you have a dual-link with ISP or a single link here?

 

what is the goal we going to solve with this design?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @amitkulshrestha ,

 

>> Now can we have Single BGP AS number both in DC & Branches. And if yes then how & what will be required to configure at ISP end and as well our customer router ends in both DC & Branches.

 

But

>> (ISP is having OSPF only in their environment & cannot use BGP)

 

Thiis is hard to believe they should be using BGP or they do not qualify as an ISP. They are not willing to use BGP with you.

 

In the described scenario with the ISP using only OSPF , if not using MPLS services, the iBGP sessions that you can set up between your DC routers and the branch routers are useless because:

a) you are advertsing all the routes both in OSPF and iBGP OSPF routes are preferred everywhere for their lower AD 110 in comparison to iBGP (AD 200)

b) you attempt to advertise only in in iBGP the internal subnets of DC and branch sites . In this case you create a series of  black holes because the ISP is not able to route packets for a destination advertised in iBGP only and they are likely sent via the default route ...

 

Please verify with ISP if :

they are running MPLS services . if MPLS L3 VPN service is possible

if the answers to these two questions are negative I would suggest you to move to a different ISP or simply leave the scenario untouched.

 

If you are representing the small ISP don't be afraid to introduce MPLS and MP BGP in your backbone it is a mature technology with over 20 years of use worldwide.

 

Edit:

Constructive suggestion :

in the current scenario you could deploy a DMVPN with the DC routers as Hub routers and the Branch routers as Spokes. In this way they will build point to multipoint GRE tunnels that using NHRP can give you a virtual flat subnet where you can run your routing protocol of choice including iBGP.

In this way you could achieve separation of routing from ISP of internal LAN subnets in DC and branch sites overcoming the ISP current limitations. This means all the activity and the effort are on the enterprise side with no change on the ISP side.

Also with IPSec protection profile you could achieve some level of security.

 

Hope to help

Giuseppe

 

Review Cisco Networking for a $25 gift card