cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26347
Views
8
Helpful
8
Replies

Mutual Redistribution BGP<>OSPF

kris-andrews
Level 1
Level 1

Hi All,

Please see diagram attached, I have a scenario where i have dual CE-PE configuration and need to enable mutual redistribution between BGP and OSPF. My concern is with routes being redistributed into OSPF from BGP and being re-advertised/redistributed back into BGP at the other CE.

I have enabled external routes to be redistributed into BGP so it would seem logical that there is potencial for a routing loop.

Is this a fair assumption? are routes learnt from BGP likely to get redistributed back into BGP from OSPF? is there some kind of loop prevention mechanism i'm not considering?

I'm guessing I will have to configure some kind of filtering to prevent routes learnt via BGP being redistributed back in.

Your help would be much appreciated.

Kris

8 Replies 8

manju.cisco
Level 3
Level 3

yes, we should prevent loop.

We can do it using route maps.

What we do is., on CE1, tag the routes coming from PE's BGP say to 9999 and on CE2 block/deny the routes whose tag is matching to 9999 using route maps and permit other routes.

Similary do the same on CE2 and all should be ok.

Amit Aneja
Level 3
Level 3

Kris,

This can be done by multiple ways, for example:

1) Create access lists of prefixes allowed for redistribution and permit

only these prefixes to be redistributed

2) Tag prefixes (in OSPF) or community (in BGP) and on all other routers do

NOT redistribute prefixes having this tag (community) because that would

mean this prefix has been originated in another protocol and double

redistribution of the same prefix should be prohibited.

You should be able to set the tag when redistributing from BGP into OSPF.

Then, when going from OSPF into BGP, you can match on that same tag.

Here is an example of mutual redistribution with ospf and bgp using the set

tag command:

router ospf 1

!!! Here I attach route-map which sets tag value on redistributed routes

redistribute bgp 2 route-map bgp-to-ospf

network 192.168.2.0

!

router bgp 2

no synchronization

bgp log-neighbor-changes

!!! Here is redistribution into BGP with another route-map to filter routes

redistribute ospf 1 route-map ospf-to-bgp

neighbor 192.168.1.1 remote-as 1

no auto-summary

!

!!! Route map which sets tags

!

route-map bgp-to-ospf permit 10

set tag 600

!

!!! And here goes route map which filters tagged routes

!

route-map ospf-to-bgp deny 10

match tag 600

!

route-map ospf-to-bgp permit 20

Regards,

Amit Aneja

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Kris,

in most cases redistribution of IGP into BGP can be avoided by taking advantage of the fact that BGP network command looks for a match in IP routing table that is it works also for IGP learned routes.

limitations:

no more then 200 network command statements are allowed (at least in the past)

with no auto-summary configured under BGP network command needs an exact match (including prefix length) in IP routing table.

aggregate-address command can be used to create summary routes to be sent on eBGP sessions

if your scenario really needs mutual redistribution you need to use safety measures as described by Amit and Manju or you are in real trouble!

Hope to help

Giuseppe

Many thanks for your responses,

As I'm dealing with a very large routing table it would not be practical in this instance to use the network command, but certainly this would have been preferred.

In the case of routes from OSPF being redistributed into BGP would i definately need a form of filtering on the BGP side? my understanding is routes that are advertised into BGP would never be redistrbuted back into BGP as it would see it's own AS in the advertisement, therefore routes that are looped round would be invalid.

Am i correct in making this assumption?

Kris

Hello Kris,

as this looks like an MPLS L3 VPN scenario be aware that PE nodes will probably do AS override hiding your own AS number from BGP advertisements that are sent to you.

As suggested by others you can use a BGP community attribute in order to mark routes injected from OSPF into BGP.

Hopefully the BGP community will travel from one side to the other allowing for this check.

the route-maps used for redistribution of BGP routes into OSPF can check for that BGP community value.

ip community-list 10 permit 65000:666

route-map BGP-into-OSPF deny 10

match community 10

route-map BGP-into-OSPF permit 20

set tag 666

set type 1

set metric 20

route-map OSPF-into-BGP deny 10

match tag 666

route-map OSPF-into-BGP permit 20

set community 65000:666

router ospf 10

redistribute bgp 65000 subnets route-map BGP-into-OSPF

!

router bgp 65000

redistribute ospf 10 route-map OSPF-into-BGP

!

Hope to help

Giuseppe

Kris,

Please see my comments below on your question:

In the case of routes from OSPF being redistributed into BGP would i definately need a form of filtering on the BGP side? my understanding is routes that are advertised into BGP would never be redistrbuted back into BGP as it would see it's own AS in the advertisement, therefore routes that are looped round would be invalid.

AS information will be lost while redistribution. So, it won't stop the routes from looping. You need to do filtering both ways.

Regards,

Amit

Thankyou for your responses they have been very useful!

In this scenario where BGP routes are being redistributed into the OSPF IGP I guess this removes the need for an iBGP connection between the CE routers as both CE's will learn routes via OSPF?

Regards

Kris

Hi Kris/Guys,

I also have this kind of problem.

Did you find a fix on this?

Review Cisco Networking for a $25 gift card