Sharing routes between carriers using BGP

jaime.garcia
Level 1

I currently have 14 US offices connected via MPLS.  We have recently opened a new office in Ottawa, Canada.  Our primary US MPLS carrier cannot provide services in Canada.  I currently have a site-to-site tunnel set up between Ottawa (Internet circuit) and our headquarters in the US.  It works, but at times we experience connection issues.

I am in the process of ordering MPLS services from a different carrier.  Below is what I have in mind.

                      +-- Chicago Head Quarters (Cisco 2951) Primary BGP -- MPLS --+-- BGP Remote Office
                      |                                                            |
Core 6509 (Chicago) --+                                                            +-- BGP Remote Office
                      |
                      +-- Chicago Head Quarters (Cisco 2851) New Carrier -- MPLS ----- Ottawa Office

So I would like my Ottawa office to also be able to see my other remote offices. 

What would I need to configure on both of my Cisco routers in Chicago and my core 6509 switch? 

Thanks,

Jaime


Dennis Mink
VIP Alumni

The "new carrier", is that gonna connect all your 14 US offices plus Ottawa, or just the Ottawa office with Chicago?

In the new situation, what will be your preferred provider (i.e. cheapest path in routing terms), and also, what routing protocol are you using internally in Chicago?  Are you using eBGP?

Can you post the config of the 6500?  Thanks


Thanks

=============================
Please remember to rate useful posts, by clicking on the stars below. 

=============================

The new carrier is only going to connect with Ottawa and Chicago.  So Chicago will have two routers (one to each carrier). 

We are using OSPF internally between the Chicago router and 6509.  We are using BGP between Chicago and the primary carrier. 

So would I be able to use iBGP between the 6509, Chicago 2951 (Windstream) and Chicago 2851 (New Carrier) so that Ottawa can see my remote sites but would need to go through Chicago to connect?

6509#
router ospf 1
 router-id 10.30.0.1
 redistribute static metric-type 1 subnets route-map RED_STATIC
 network 10.30.0.1 0.0.0.0 area 0
 network 10.0.0.0 0.255.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 10.6.15.0 255.255.255.0 10.30.0.13
ip route 10.191.1.0 255.255.255.0 10.30.0.13
ip route 10.200.1.0 255.255.255.0 10.200.1.254
ip route 38.98.176.194 255.255.255.255 10.30.0.11
ip route 38.98.176.203 255.255.255.255 10.30.0.11
ip route 38.98.176.216 255.255.255.255 10.30.0.11
ip route 38.124.100.133 255.255.255.255 10.30.0.11
ip route 172.16.99.0 255.255.255.0 10.30.0.25
!
ip access-list standard RED_STATIC
 permit 38.98.176.216
 permit 38.98.176.194
 permit 172.16.99.0 0.0.0.255
 permit 10.191.1.0 0.0.0.255
 permit 10.6.15.0 0.0.0.255

You could run iBGP but you don't have to do that. You could just redistribute from BGP into OSPF on both of your Chicago routers. To your Ottawa site you would just advertise a default route (because the only way it can reach anything else on your network is via Chicago). On the Chicago 2951 you could redistribute your Ottawa subnets from OSPF into BGP or advertise the routes via network statements. You don't mention internet breakout anywhere though, which you might need to consider.

Thanks for the help.  I think if I redistribute from BGP into OSPF on both Chicago routers I should be good to go.  My Chicago office and remote offices use a network-based firewall provided by Windstream.  I currently have a 20Mb Internet circuit in Ottawa connected to an ASA 5505.  I was planning on using that for Internet in Ottawa.  Do you see any potential issues?  My default route would just point to the ASA, correct?

Thanks again - Jaime

Hello Jaime,

Yes, you should be good to go.

The ASA will participate in the OSPF cluster and it will learn the default route via the Chicago Head-quarters router.

So most of the job will be done on the Core router (where redistribution will happen).

On the Chicago Head-quarters router you will just build the OSPF relationship with the ASA and advertise the default route.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jcarvaja - The ASA and internet breakout is in Ottawa, not Chicago.

Jaime - I don't see any problems with what you propose but you will need to alter the design I suggested slightly. You will need to:

1. Configure users in Ottawa to use the MPLS router as their default gateway (not the ASA)

2. Add a default route on the Ottawa MPLS router pointing at your ASA firewall. Do not redistribute this default route into BGP.

3. In Chicago you will need to redistribute your other site and Chicago subnets from OSPF into BGP and advertise them out to Ottawa.

I would use route-maps in the redistribute statements so you tightly control what you are advertising. This is not essential but it is useful to keep on top of what is being advertised where and can stop things breaking in the future if additional links are added.
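
One way to write the filtered redistribution from the three steps above, as an added example that is not from the thread or any of its participants. The AS numbers, neighbor addresses, list names, the Ottawa LAN prefix (10.250.0.0/24) and the ASA address are placeholders; the 10.0.0.0/8 and 192.168.0.0/16 ranges are taken from the 6509's posted OSPF network statements, and site subnets are assumed to be /24 or shorter.

```cisco
! Added example; every AS number, address and list name is a placeholder.
!
! --- Chicago router facing the new carrier ---
! Never hand Ottawa's own prefix back to it, then allow only internal ranges.
ip prefix-list TO-OTTAWA seq 5 deny 10.250.0.0/24
ip prefix-list TO-OTTAWA seq 10 permit 10.0.0.0/8 le 24
ip prefix-list TO-OTTAWA seq 20 permit 192.168.0.0/16 le 24
! Accept only the prefix Ottawa is expected to announce.
ip prefix-list FROM-OTTAWA seq 10 permit 10.250.0.0/24
!
route-map OSPF-TO-BGP permit 10
 match ip address prefix-list TO-OTTAWA
!
route-map BGP-TO-OSPF permit 10
 match ip address prefix-list FROM-OTTAWA
!
! "match ... external" is required for the statics the 6509 injects into
! OSPF as type 1 externals; by default only internal OSPF routes are taken.
router bgp 65001
 neighbor 192.0.2.1 remote-as 64512
 neighbor 192.0.2.1 prefix-list FROM-OTTAWA in
 redistribute ospf 1 match internal external 1 external 2 route-map OSPF-TO-BGP
!
router ospf 1
 redistribute bgp 65001 subnets route-map BGP-TO-OSPF
!
! --- Ottawa MPLS router ---
! Local internet breakout: default route to the ASA inside interface.
ip route 0.0.0.0 0.0.0.0 10.250.0.2
! Guard so the default can never be announced, even if redistribution
! is added to this router later.
ip prefix-list NO-DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list NO-DEFAULT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 65002
 neighbor 192.0.2.5 remote-as 64512
 neighbor 192.0.2.5 prefix-list NO-DEFAULT out
 network 10.250.0.0 mask 255.255.255.0
```

Anything not matched by a prefix-list falls to the implicit deny at the end of the list and route-map, so a new site subnet has to be added to TO-OTTAWA before Ottawa can reach it.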

mfurnival & jcarvaja - I appreciate both of your help.  It all makes sense.  I will be implementing in about 2 weeks.  I will let you guys know how it goes.

Thanks,

Jaime
