BGP to OSPF Asymmetric Routing Problem

I have a setup whereby an MPLS breakout site has two routers, a primary and a secondary, that connect on to an ASA that in turn connects to an internet facing router (see diagram below).

 

The default route for the MPLS cloud is learned by the internet facing router and advertised, via OSPF, to the ASA and then on to the MPLS facing routers. These routers then push the default route (through redistribution into eBGP) into the MPLS cloud. All routers are in OSPF area 0.

 

At the same time, the routes for all of the MPLS sites are being learned by the MPLS facing routers (via eBGP) and redistributed into OSPF where they are then taught to the ASA.

The complication comes in whereby the AD of BGP has been raised so that the MPLS facing routers will prefer an OSPF route for any given prefix over a BGP route (this is to do with how their multi-site failover works, the BGP neighbours of the MPLS routers are also giving a default route to the MPLS routers - the MPLS routers need to prefer the OSPF default except in a failover scenario - I won't go into the details here)

 

All remote MPLS sites will go via the MPLS primary router to breakout to the internet. The route to the primary is being preferred by using BGP local preference to make its advertised default route the more preferred.

 

The trouble I am experiencing is that only one of the two MPLS facing routers will ever actually redistribute the MPLS LAN ranges from BGP into OSPF. The sequence is happening as follows:

 

1. One MPLS router brings up its BGP neighbourship first (say it’s the secondary)

2. This MPLS router will take the prefixes for all of the MPLS sites (that it learns via BGP) and redistribute them into OSPF.

3. The OTHER MPLS router (in this case the primary) now brings up its BGP neighbourship.

4. This router will now see two options to get to the MPLS sites

                (a) Going via BGP

                (b) Going via OSPF (via the router that built its BGP neighbourship first)

5. This OTHER MPLS router will now prefer to go via the OSPF path to get to the MPLS sites rather than through its BGP peer (because of AD preferences)

6. This in turn means it will not redistribute the BGP learned routes into OSPF because the BGP learned routes are not actually IN its routing table (where redistributed routes are taken from)

 

This presents an asymmetric routing issue if the BGP neighbourship on the secondary comes up BEFORE the primary. Traffic going to the ASA or the internet will go via the primary MPLS router (because of BGP local preference) but traffic going BACK to the MPLS site will go via the secondary MPLS router.

 

This is easily solved by soft clearing the BGP neighborship on the secondary (primary router then loses its OSPF routes to the MPLS sites and prefers the BGP routes and both routers essentially swap their roles). But this is clearly not optimal.

 

Is there any way that I can tell the primary and secondary routers to ignore OSPF learned routes FROM EACH OTHER but NOT the default route learned from the ASA (through OSPF from the internet facing router)? I know the idea of OSPF is to be a link state protocol whereby all routers have the same "map" of the local network and filtering can only take place between areas - but can I cheat this?

 

I cannot use separate OSPF areas as there is only one interface on the ASA that I'm not allowed to sub-interface. The only other thing I can think of is using EIGRP or a separate OSPF process but then I add to the complexity no end as I redistribute on the ASA etc.

 

Any advice would be appreciated.


Sunil Bhadauria
Level 1

Hi Steven,

I did not completely understand the setup; it would be helpful if you can share sample BGP route information from both MPLS routers.

Also, when you say:

"All remote MPLS sites will go via the MPLS primary router to breakout to the internet. The route to the primary is being preferred by using BGP local preference to make its advertised default route the more preferred"

I get confused, as local preference is supposed to affect outgoing traffic only and not incoming.

Maybe you want to share both MPLS router configurations and we can see what BGP features are being used and what the effect would be on outgoing and incoming traffic.

As of now I understand one concern clearly:

"is there any way that I can tell the primary and secondary routers to ignore OSPF learned routes FROM EACH OTHER but NOT the default route learned from the ASA"

Considering you need these external eBGP learned routes in area 0 in the breakout site, you may tag these routes on the MPLS routers while redistributing from eBGP to OSPF first (say tag 111):

(config-router)# redistribute bgp <ASN> subnets metric <metric> metric-type <metric-type> route-map <route-map> tag <tag>

Then on the MPLS routers you can configure a route-map (say OspfToBgp) to deny any update based on the above tag value:

(config)# route-map OspfToBgp deny 10
(config-route-map)# match tag 111
! a route-map ends with an implicit deny, so permit everything that is not tagged
(config-route-map)# route-map OspfToBgp permit 20

(config-router)# distribute-list route-map OspfToBgp in

 

Hope this helps .

 

Regards

Sunil Bhadauria

Akash Agrawal
Cisco Employee

Hi,

 

So here, if I understand correctly, you want to prefer the internal OSPF route (AD 110) (default route) over eBGP (AD 20) but not external OSPF routes (which are being redistributed from the secondary and coming to the primary router).

 

You can increase AD of BGP route to 120 but then increase AD for OSPF external route to 130 as well

 

distance ospf {[ intra-area dist1] [inter-area dist2] [external dist3]}

https://perso.ens-lyon.fr/christophe.crespelle/enseignements/ASR/ospf-config.pdf

 

I hope your OSPF default route is an intra-area route, not the external one.

 

HTH

 

--Pls dont forget to rate helpful posts--

Regards,

Akash

Hmm, you may be on to something here. But I am using:

 

router ospf 2
 router-id 33.33.33.33
 log-adjacency-changes
 redistribute connected
 network 33.33.33.0 0.0.0.7 area 0
 default-information originate metric 5

 

On the internet breakout router. This means that the default is going to be an external route rather than a Type1-2 or Type 3 LSA.

 

Is there any way I can force the OSPF default to be an INTERNAL route?

 

Sorry Steven, my bad. OSPF default route would be EXTERNAL only unless we make two routes NSSA and advertise default from area 0 with command "area <area id> nssa no-summary"

 

http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13692-21.html

 OR

If no customer is directly connected on the secondary router, can we stop installing the redistributed routes through a distribute list? Even if BGP on the secondary router goes down, there is no client on this route which wants to reach the other site via the primary router.

 

Regards,

Akash

Got it!

 

I applied a distribute list on the OSPF process on the Primary MPLS Router to block any routes that match the MPLS LAN ranges. This stops the routes from the Secondary MPLS router appearing in the routing table but doesn't prevent the redistribution from BGP.

 

I still have to do some GNS3 testing but at first glance it looks like it might have done it.

 

Thanks for the help :)
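
The route-selection behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of the primary router's routing table under the original administrative distances, the `distance ospf external` suggestion, and the inbound distribute-list. The prefix `10.20.0.0/16` and the BGP distance of 200 are assumed sample values (the thread does not give them), and the model only compares administrative distance per prefix.

```python
# Constructed model: per prefix, the RIB keeps the candidate with the lowest
# administrative distance (AD); only BGP routes that are installed get redistributed.
MPLS_LAN = "10.20.0.0/16"   # constructed sample MPLS site prefix (assumption)
DEFAULT = "0.0.0.0/0"

def install(candidates, ad, ospf_in_filter=()):
    """Return {prefix: source} holding the lowest-AD candidate for each prefix.

    candidates: list of (prefix, source), source is "bgp" or "ospf-ext".
    ospf_in_filter: prefixes an inbound OSPF distribute-list keeps out of the RIB.
    """
    rib = {}
    for prefix, source in candidates:
        if source.startswith("ospf") and prefix in ospf_in_filter:
            continue  # the LSA stays in the LSDB, but the route is not installed
        if prefix not in rib or ad[source] < ad[rib[prefix]]:
            rib[prefix] = source
    return rib

def primary_view(ad, ospf_in_filter=()):
    """Primary's RIB when the secondary is already redistributing BGP into OSPF."""
    candidates = [
        (MPLS_LAN, "bgp"),       # learned from the primary's own eBGP peer
        (MPLS_LAN, "ospf-ext"),  # redistributed into OSPF by the secondary
        (DEFAULT, "bgp"),        # default offered by the MPLS BGP neighbour
        (DEFAULT, "ospf-ext"),   # default-information originate, via the ASA
    ]
    rib = install(candidates, ad, ospf_in_filter)
    redistributes_mpls = rib.get(MPLS_LAN) == "bgp"
    return rib, redistributes_mpls

# 1: starting point, BGP AD raised above OSPF (200 is an assumed value).
original = primary_view({"bgp": 200, "ospf-ext": 110})
# 2: BGP at 120 and OSPF external at 130; the external default now loses as well.
distance_tweak = primary_view({"bgp": 120, "ospf-ext": 130})
# 3: original ADs, with the MPLS LAN range filtered inbound on the OSPF process.
filtered = primary_view({"bgp": 200, "ospf-ext": 110}, ospf_in_filter={MPLS_LAN})

if __name__ == "__main__":
    for name, (rib, redist) in [("original", original),
                                ("distance tweak", distance_tweak),
                                ("distribute-list", filtered)]:
        print(f"{name:16} rib={rib} redistributes_mpls={redist}")
```
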

 

Hi Steven,

 

I am glad to hear that finally we got a workable solution. It was a little tricky setup :).

Post is still open, if it is working for you, can you please change status to solution accepted and close it.

 

Regards,

Akash

Hi Akash,

 

Sorry, I don't know how to close the case. It is not clear based on the forum page. I have marked your last comment as correct and given you a positive vote. I cannot mark my own comment as correct (apparently the idea of bouncing ideas off people and solving your own problem is not appropriate for this discussion).

Anyway thank you for your assistance and please advise if there is a better way to close the discussion.

 

Regards,

Steve