Thanks Giuseppe -

OK - so, tag the BGP routes as they are redistributed into OSPF and EIGRP. Then, have those BGP originated routes with that tag, be dropped when redistributed from EIGRP to OSPF and OSPF to EIGRP. Should I also tag EIGRP and OSPF routes being redistributed between EIGRP and OSPF for loop prevention on the 1006?

I did tag EIGRP/OSPF routes on the MK-VPN-1001 and the AP-1001-VPN because I was concerned about loops and you helped me out with that in fact - thanks again!!!

I probably should do the same on the 1006, correct?

"the second point can be a problem for routes that are originally BGP routes and then are imported in EIGRP, they might be not able to be redistributed into OSPF as the original BGP route is the one installed in IP routing table"

If I redistribute BGP into both EIGRP and OSPF as you suggested, will I avoid the problem you mentioned above?

Thank you, Pat.

Hello Patrick,

your understanding is correct.

>> Should I also tag EIGRP and OSPF routes being redistributed between EIGRP and OSPF for loop prevention on the 1006?

Yes if there are two different devices performing mutual ( bi-directional) redistribution between OSPF and EIGRP and viceversa you should use appropriate route-tags to avoid unwanted routing information re-injection.

>> If I redistribute BGP into both EIGRP and OSPF as you suggested, will I avoid the problem you mentioned above?

yes

Hope to help

Giuseppe

Thanks Guiseppe.

This is some config I have come up with.I wanted to attach a file but, I don't see an option to do it today.

Not sure if any glaring errors in the config show up or not and please point out anything you see.

If we use a loopback interface for our BGP router IDs, do we also need the multi-hop command?

Please make any suggestions you see fit.

I really appreciate you helping me understand this. Really not sure about my metrics.

Merrimack will have a 1 gig connection to the MPLS cloud.

The connection to the OSPF portion of the LAN portion of the diagram is 1 gig

Shelton will have a 100 Mbs connection to the MPLS cloud.

Merrimack 1006 Config:

router eigrp 99

network 172.20.1.40 0.0.0.3

network 172.20.1.60 0.0.0.3

network 172.20.1.68 0.0.0.3

redistribute ospf 1 metric 100000 1 255 1 1500 route-map OSPF2EIGRP

redistribute bgp 65001 metric 100000 1 255 1 1500 route-map BGP2EIGRP

!

router ospf 1

network 172.20.1.24 0.0.0.3 area 0

network 172.20.1.108 0.0.0.3 area 0

network 172.20.1.112 0.0.0.3 area 0

network 172.20.1.192 0.0.0.7 area 0

network 172.20.1.200 0.0.0.7 area 0

network 172.20.46.0 0.0.0.255 area 0

redistribute eigrp 99 metric-type 1 subnets route-map EIGRP2OSPF

redistribute bgp 65001 metric-type 1 subnets route-map BGP2OSPF

!

Router bgp 65001

Router-id 10.10.10.10

Network X.X.X.X mask 255.255.255.252

Neighbor X.X.X.X remote-as 209

Neighbor X.X.X.X update-source loopback0

Neighbor X.X.X.X next-hop-self

bgp log-neighbor-changes

no auto-summary

no synchronization

redistribute static

redistribute connected

redistribute eigrp 99 Route-map EIGRP2BGP

redistribute ospf 1 Route-map OSPF2BGP

Route-maps for matching and tagging OSPF into EIGRP and EIGRP into OSPF

route-map EIGRP2OSPF deny 10

match tag 110

!

route-map EIGRP2OSPF permit 20

set tag 90

!

route-map OSPF2EIGRP deny 10

match tag 90

!

route-map OSPF2EIGRP permit 20

set tag 110

!

Route-maps for matching and tagging OSPF into BGP and BGP into OSPF

route-map BGP2OSPF deny 10

Match tag 110

!

Route-map BGP2OSPF permit 20

Set tag 20

!

Route-map OSPF2BGP deny 10

Match tag 20

!

Route-map OSPF2BGP permit

Set tag 110

!

Route-maps for matching and tagging EIGRP into BGP and BGP into EIGRP

Route-map BGP2EIGRP deny 10

Match tag 90

!

Route-map BGP2EIGRP permit 20

Set tag 20

!

Route-map EIGRP2BGP deny 10

Match tag 20

!

Route-map EIGRP2BGP permit 20

Set tag 90

!

Shelton 1002 Config:

Interface g0/0/0

Ip address X.X.X.X 255.255.255.252

!

Router eigrp 99

Network 172.20.20.0 255.255.255.0 (there will be many more)

redistribute bgp 65002 metric 100000 1 255 1 1500 route-map BGP2EIGRP

!

Router bgp 65002

Network X.X.X.X mask 255.255.255.252

Neighbor X.X.X.X remote-as 209

Neighbor X.X.X.X update-source loopback0

Neighbor X.X.X.X next-hop-self

bgp log-neighbor-changes

no auto-summary

no synchronization

redistribute static

redistribute connected

redistribute eigrp 99 Route-map EIGRP2BGP

!

Route-maps for matching and tagging EIGRP into BGP and BGP into EIGRP

Route-map BGP2EIGRP deny 10

Match tag 90

!

Route-map BGP2EIGRP permit 20

Set tag 20

!

Route-map EIGRP2BGP deny 10

Match tag 20

!

Route-map EIGRP2BGP permit 20

Set tag 90

!

Hello Patrick,

with eBGP sessions on loopbacks you need the multihop statement to make it work. next.-hop-self is not needed as the BGP next-hop is automatically updated to the source address of the local node.

You will need more deny blocks in the route-maps to deny what is not wanted.

You need to take in account the other cases all the possible combinations

Hope to help

Giuseppe

Thanks, Guiseppe.

What other deny blocks will I need in the route-maps?

Thank you, Pat.

Guiseppe - is this what you meant by more deny blocks?

Thanks, Pat.

route-map OSPF2EIGRP deny 10

match tag 90

!

route-map OSPF2EIGRP deny 15

match tag 20

!

route-map OSPF2EIGRP permit 20

set tag 110

!

route-map EIGRP2OSPF deny 10

match tag 110

!

route-map EIGRP2OSPF deny 15

match tag 20

!

route-map EIGRP2OSPF permit 20

set tag 90

!

route-map BGP2OSPF deny 10

Match tag 110

!

route-map BGP2OSPF deny 15

match tag 90

!

Route-map BGP2OSPF permit 20

Set tag 20

!

Route-map OSPF2BGP deny 10

Match tag 20

!

Route-map OSPF2BGP deny 15

Match tag 90

!

Route-map OSPF2BGP permit 20

Set tag 110

!

Route-map BGP2EIGRP deny 10

Match tag 90

!

Route-map BGP2EIGRP deny 15

Match tag 110

!

Route-map BGP2EIGRP permit 20

Set tag 20

!

Route-map EIGRP2BGP deny 10

Match tag 20

!

Route-map EIGRP2BGP deny 15

Match tag 110

!

Route-map EIGRP2BGP permit 20

Set tag 90

Thank you, Pat

Hello Pat,

yes this is what I would use in this case.

Someone could say that we can take advantage of the implicit deny at the end of each route-map, however we could also say that just a final empty route-map block /clause would defeat the logic of each route-map.

By accident any new route-map block starts as an empty clause as we enter the first command to create it!

So the paranoid logic of explicitly denying what should be blocked can save your day when in the future you will need to modify the route-map for any reason with the route-map still applied somewhere.

Hope to help

Giuseppe

Cool - Thank you for your help Guiseppe!

Giuseppe,

I just had a thought. If you refer to the diagram, I will have some EIGRP networks that will be seperated by BGP.

If I tag all EIGRP routes with a tag of 90 at all sites that have EIGRP, I will deny all routes that are tagged with 90 as they are redistributed back into EIGRP. This would be bad as routes that would be redistributed into BGP from Shelton would have a tag of 90 - so, these same routes...when redistributed back into EIGRP on the MK1006, would be dropped. Does that make sense?

So, would it be better if I tagged EIGRP routes as they were redistributed on each router with a different tag number? For instance; Shelton EIGRP routes would be tagged with 91 as they were redistributed into BGP, Wilmington EIGRP routes would be tagged with 92 as they were redistributed into BGP.....etc..... Then when redistributing BGP into EIGRP on Shelton, I would deny routes tagged with 91 but, permit routes tagged with 92?

Actually I hope I didn't confuse the issue. I won't be doing any redistribution on the Wilmington router initially but, will when we move that router to the MPLS cloud in the near future. But if you replaced the Wilmington router with the MK1006 in the example I tried to explain, the same applys.

Thank you

Hello Patrick,

I have finally had a chance to look at your network diagram (again posting a jpeg image would make easier when dealing with multiple PCs in accessing CSC).

The configuration that you are proposing has the right approach given your very specific network scenario.

The route-tag values has to be diffferentiated per protocol and per site as you have noted.

I think that IOS will write the commands like

match tag value1 value2 value3

because this a logical OR of match of same type in the same route-map block

Besides this, you have done a good job and you deserve a good rating.

So I decided to endorse your post.

Hope to help

Giuseppe

Guiseppe - I appreciate your endorsement but, do you think I am going a little extreme? I'm a little concerned of complicating the network. On the other hand, without some sort of loop prevention I could really be complicating the network.

Do you think I could implement this in stages? I say this because by default the routing protocols should prevent the loops in this scenerio and doing alll this at one time could be scary on a production network.

I noticed when I try to redistribute BGP into another protocol I get the message:

"% "EIGRP2BGP" used as redistribute eigrp into bgp route-map, set tag not supported"

Also, if I am to implement this I'm going to have to have a good argument. If we don't use some kind of loop prevention how would a loop form?

Could you please give a couple of examples in this type of scenerio?

Thank you.