10-09-2008 02:16 AM - edited 03-03-2019 11:51 PM
Hey,
I have a question for all the network professionals out there..
I am working on a big project..
Basically, I work for an ISP.
I have 2 7609 routers connecting to 2 Gateway Service Routers (GSR).
My question is..
These GSR act as a Gateway, interacting with other ISP providers (eBGP)...
Should our 7609 routers pass routes at an ISIS level as well as an iBGP level..
Or should it only pass routes at an iBGP level..??
PR
10-09-2008 02:53 AM
HI PR, [Pls RATE if HELPS]
@ 7609:
=======
Considering your 7609 Router as the Controlling Router, the 7609 Router has to pass routes at an IBGP Level.
neighbor aaa.bbb.ccc.ddd remote-as xxxx
neighbor aaa.bbb.ccc.ddd description IBGP for GSR
neighbor aaa.bbb.ccc.ddd update-source Loopback0
neighbor aaa.bbb.ccc.ddd version 4
neighbor aaa.bbb.ccc.ddd activate
neighbor aaa.bbb.ccc.ddd send-community both
neighbor aaa.bbb.ccc.ddd soft-reconfiguration inbound
neighbor aaa.bbb.ccc.ddd distribute-list DENY-ALL in
neighbor aaa.bbb.ccc.ddd route-map other-ISP out
Extended IP access list DENY-ALL
deny ip any any
route-map other-ISP, permit, sequence 10
Match clauses:
ip address prefix-lists: Self-Prefix-Originating
Set clauses:
community xxxx:yyyy
Policy routing matches: 0 packets, 0 bytes
@ GSR:
======
neighbor www.xxx.yyy.zzz remote-as xxxx
neighbor www.xxx.yyy.zzz description IBGP for GSR
neighbor www.xxx.yyy.zzz update-source Loopback0
neighbor www.xxx.yyy.zzz version 4
neighbor www.xxx.yyy.zzz activate
neighbor www.xxx.yyy.zzz soft-reconfiguration inbound
neighbor www.xxx.yyy.zzz prefix-list IBGP-IN in
neighbor www.xxx.yyy.zzz distribute-list IBGP-OUT out
ip prefix-list IBGP-IN seq 5 permit 0.0.0.0/0 le 24
Extended IP access list IBGP-OUT
deny ip any any
Hope I am Informative.
Pls RATE if HELPS
Best Regards,
Guru Prasad R
10-09-2008 02:45 AM
Hi there!
Depending on how you configure the BGP process. If you want to build the peering over the loopback IP addresses (for better scalability, redundancy..) then you need an IGP in between (IS-IS in your case) to advertise the loopbacks. Also, if you use synchronization with BGP you need an IGP.
Regarding your routes, from my experience we always passed the routes at BGP level and not IS-IS (except the ones above). You have less headache when troubleshooting if you pass them only through BGP.
Again, this depends on the local config of iBGP.
Good luck!
Calin
10-09-2008 03:59 AM
chiorean.calin,
Thanks for your reply.
I do want to have the peering made on the loopbacks, for scalability and redundancy.
Therefore I will need an IGP, makes sense..
I don't want to have the routes learned via ISIS to be passed to the GSR's..
How do you recommend blocking them??
Route-map on the exiting interface pointing to my GSR??
Let me know..
PR
10-09-2008 05:27 AM
Hi!
Why block? Do not configure isis on the interfaces that you do not want to be advertised over isis.
That's it!
Good luck!
Cheers,
Calin
10-09-2008 04:45 AM
Thanks Again,
I came up with something similar...
We are not too off.. Here is mine.. Let me know what you think!!
@7609
======
neighbor aaa.bbb.ccc.ddd remote-as %%%%%
neighbor aaa.bbb.ccc.ddd description to 7609
neighbor aaa.bbb.ccc.ddd update-source Loopback0
neighbor aaa.bbb.ccc.ddd version 4
neighbor aaa.bbb.ccc.ddd next-hop-self
neighbor aaa.bbb.ccc.ddd send-community
neighbor aaa.bbb.ccc.ddd soft-reconfiguration inbound
neighbor aaa.bbb.ccc.ddd prefix-list DENY-ALL in
ip prefix-list DENY-ALL: 1 entries
seq 10 deny 0.0.0.0/0 le 32
@GSR
=======
neighbor aaa.bbb.ccc.ddd remote-as %%%%%
neighbor aaa.bbb.ccc.ddd description 7609
neighbor aaa.bbb.ccc.ddd update-source Loopback0
neighbor aaa.bbb.ccc.ddd version 4
neighbor aaa.bbb.ccc.ddd next-hop-self
neighbor aaa.bbb.ccc.ddd send-community
neighbor aaa.bbb.ccc.ddd soft-reconfiguration inbound
neighbor aaa.bbb.ccc.ddd prefix-list NODefault in
neighbor aaa.bbb.ccc.ddd prefix-list PASSDEFAULT out
ip prefix-list NODefault: 2 entries
seq 5 deny 0.0.0.0/0
seq 10 permit 0.0.0.0/1 le 32
ip prefix-list PASSDEFAULT description Permit only default
ip prefix-list default-only seq 5 permit 0.0.0.0/0
ip prefix-list default-only seq 10 deny 0.0.0.0/0 le 32
Essentially..
7609 --> GSR
Only the default route should be propagated down to 7609.
7609 should pass the whole Internal ISP table to GSR.
GSR should have the Full Internet Routing Table and Internal ISP Table (which was passed from the 7609)
1. In your example you had the activate command, I don't think that may be relevant is it? it just allows them to understand ipv6 prefixes correct?
2. Your suggestion "distribute-list DENY-ALL in" is similar to my "prefix-list DENY-ALL in" blocking all prefixes arriving from @GSR.. correct?
Please note that I have the "prefix-list NODefault in" because this was a migration project and we didn't want to pass the default to the GSR.
P.S. I have taken over the peering project from another one of my colleagues who I think didn't really do a good job..
Let me know, if I am on the right path..
MAV
10-09-2008 05:01 AM
Hey,
I just looked over my post and noticed I mixed the current config with the proposed config.
The way I posted it, I will block all routes to be learned via ibgp on the @7609...
"neighbor aaa.bbb.ccc.ddd distribute-list DENY-ALL in" on 7609 Will block everything including the default.. (sorry)
That is why I decided to remove it and have the GSR decide what to propagate..
putting the command.. "PASSDEFAULT out" @GSR should block all routes except the default to be learned via iBGP..
PR
sorry my bad
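Added example (not part of any post in this thread): a small Python evaluator for IOS-style prefix-list entries, run over the lists posted above (DENY-ALL, NODefault, default-only, and IBGP-IN from the first answer) to show what each filter actually lets through. It goes slightly beyond the thread by modelling first-match and the implicit deny at the end of a list. The sample routes and the function names are assumptions made for the illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny <prefix>/<len> [ge N] [le N]' into a tuple."""
    tok = line.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = {tok[i]: int(tok[i + 1]) for i in range(2, len(tok), 2)}
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no ge/le: exact-length match only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32  # ge alone means "up to /32"
    return action, net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, entries):
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"

# Prefix-list entries as posted in the thread, in sequence order.
LISTS = {
    "DENY-ALL":     ["deny 0.0.0.0/0 le 32"],
    "NODefault":    ["deny 0.0.0.0/0", "permit 0.0.0.0/1 le 32"],
    "default-only": ["permit 0.0.0.0/0", "deny 0.0.0.0/0 le 32"],
    "IBGP-IN":      ["permit 0.0.0.0/0 le 24"],
}
# Constructed sample routes (private / documentation ranges), not from the thread.
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "198.51.100.0/24", "203.0.113.128/25"]

def verdicts(name):
    """Return {route: 'permit'|'deny'} for one named list."""
    return {r: evaluate(LISTS[name], r) for r in ROUTES}

if __name__ == "__main__":
    for name in LISTS:
        print(f"{name:13}", verdicts(name))
```

In this run NODefault permits 10.0.0.0/8 but not 198.51.100.0/24, because 0.0.0.0/1 only covers 0.0.0.0 through 127.255.255.255 and everything else hits the implicit deny.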
10-09-2008 05:12 AM
HI PR, [Pls RATE all Informative POST]
Thanks for your update & The configuration looks fine.
You are Welcome.
Please use the Cisco RATING System.
Best Regards,
Guru Prasad R