cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2403
Views
0
Helpful
10
Replies

what do people normally do to get ISP routes to my IGP

carl_townshend
Spotlight
Spotlight

Hi there

Can someone please tell me that is the normal practice when advertising routes from my ISP to my internal network

we have 2 isp's both advertising a default plus some other internet routes.

the ISP routers run BGP, and also OSPF which talks to our internal network.

would best practice be just to redistribute our PI block of addresses from OSPF into BGP to outside, and then redistribute a default route into OSPF either by a route map so only match the 0.0.0.0 route learned from BGP into OSPF, or the default originate command

?

your thoughts please

cheers

10 Replies 10

Paul Morgan
Level 1
Level 1

Unless you need multiple individual routes to go to/from the ISP, it would be usual to feed two possible external routes into OSPF, maybe one as a default route and the other as a backup, but without using redistribution from BGP. So the inside network only sees a route out.

If you have discontiguous internal public networks, then redistribution would be the way to go.

Paul

so basically on the internet routers redistribute a static default route into ospf, but 1 with a lower metric from the active internet router?

does that sound right?

cheers

Carl

If it was me, I probably wouldnt use REDISTRIBUTE at all. I'd just point the default route out the connected interface to the ISP. Assuming that all you want is for all internal traffic to the internet to be able to get out to your ISPs, this means less complication.

So something like ip route 0.0.0.0 0.0.0.0 Gi0/1 and then default-information originate.

How you split the traffic options for the 2 ISPs is up to you but normally I would recommend ensuring your traffic flows in a predictable manner i.e. you know who is going out to each ISP.

Hello Carl,

you cannot redistribute a default static route in OSPF this is not allowed in Cisco OSPF implementation.

What you can do is to associate a route-map to default-originate command to check if the eBGP route to 0.0.0.0 is present.

Something like

ip prefix-list DEFAULT permit 0.0.0.0/0

access-list 11 permit host

route-map CHECK-BGP-DEF permit 10

match ip address prefix DEFAULT

match ip next-hop 11

set metric 1

set metric-type type-1

!

router ospf 10

default-information originate route-map CHECK-BGP-DEF

I have used this in the past with good results.

Use of OSPF O E1 is recommended as you have two exit points.  On the second router use an higher seed metric if you want to build a primary/secondary internet exit point

Add an iBGP session between the border routers so that they will learn about the specific routes learned by each ISP and they can route accordingly.

Hope to help

Giuseppe

Is there any easier way of doing this?

also, how do I get the internet routers to advertise my PI block so it only comes through the router I want as active?

would I redistribute the ospf into BGP ? how would I make it select the path I want ? could I do it via it learning a better IGP route or would I have to use AS Path prepend on the router I dont want active

what is the simplest way ?

cheers

Hello Carl,

>> Is there any easier way of doing this?

in the proposed configuration each border router generates a default route in OSPF domain only if it is receiving a default route from specified BGP next-hop = only if the eBGP session is fine.

A simpler configuration can be performed by skipping the route-map in OSPF default-originate command, but it would not perform the checks described above and both border routers would generate a default route in OSPF even if one eBGP session is down, if the iBGP session between them is configured (and this last one is needed to handle the different specific routes received from each ISP)

>> also, how do I get the internet routers to advertise my PI block so it only comes through the router I want as active?

would I redistribute the ospf into BGP ?

Using the network command under router bgp is enough to advertise the PI block if learned in OSPF. no need for redistribution here.

>> how would I make it select the path I want ? could I do it via it learning a better IGP route or would I have to use AS Path prepend on the router I dont want active

Assuming you have two different ISPs AS path prepending of your own AS number will make the routes advertised by secondary border router less attractive. In any case you can have some return traffic via secondary path as AS path prepending is an attempt to influence return path but it does not provide 100% results.

If only one ISP is involved ( same AS number) you could set a lower MED outbound primary border router as discussed in a previous thread

Hope to help

Giuseppe

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

A simpler configuration can be performed by skipping the route-map in OSPF default-originate command, but it would not perform the checks described above and both border routers would generate a default route in OSPF even if one eBGP session is down, if the iBGP session between them is configured (and this last one is needed to handle the different specific routes received from each ISP)

I know that's correct if the "always" parameter option is added to the OSPF default-originate command, but otherwise, I thought OSPF router had to "see" a default route being sent by its eBGP session?

References:

http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q11

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a74.shtml#normalareas

http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t38

Hello Joseph,

I was considering the presence of the iBGP session between border routers to be able to provide a secondary path for the default route, the iBGP session is needed because there are specific routes received from the ISPs.

I may be wrong of course.

I agree that with the always keyword a default route is always injected into OSPF domain

Hope to help

Giuseppe

Disclaimer

The    Author of this posting offers the information contained within this    posting without consideration and with the reader's understanding that    there's no implied or expressed suitability or fitness for any  purpose.   Information provided is for informational purposes only and  should not   be construed as rendering professional advice of any kind.  Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In    no event shall Author be liable for any damages whatsoever  (including,   without limitation, damages for loss of use, data or  profit) arising  out  of the use or inability to use the posting's  information even if  Author  has been advised of the possibility of such  damage.

Posting

Giuseppe, I'm not questioning the iBGP session and agree you want it for the reasons you note.

I'm just wondering whether a default originate behaves very much like your route-map example, although simpler.  I.e. if OSPF will advertise or not a default route sync'ed with whether a default route is in the route-table or not (provided by BGP).

Where an issue might arise, if OSPF injects the default route if the default router "sees" it from iBGP, a routing loop might be created if the iBGP path might transit a non-iBGP IGP router (this is avoided by your route map).

Hello Joseph,

>> Where an issue might arise, if OSPF injects the default route if the default router "sees" it from iBGP, a routing loop might be created if the iBGP path might transit a non-iBGP IGP router (this is avoided by your route map)

I would suggest the iBGP session only if the two border routers are directly connected, otherwise I would make both border routers to redistribute from BGP into OSPF the two sets of specific routes received from ISPs

And I was thinking of this case border routers with a direct  connection then iBGP session between them to optimize routing to specific routes.

Hope to help

Giuseppe

Review Cisco Networking for a $25 gift card