BGP/MPLS/Default Route question

Dec 4th, 2008

My company is using the Verizon Business MPLS infrastructure to connect our sites together. Currently, each site has its own firewall and internet connection and things are working fine. However, at a couple of sites, we want to remove the FW and Internet connection and route all traffic across the MPLS network to our data center and out to the internet from there. The remaining sites will continue to use their existing internet connections.


I am currently using OSPF as my IGP and successfully redistributing (via route maps) network to/from BGP. Also, I currently have a static default route that points to the firewall. This needs to go away and send everything over the MPLS network.


I guess the question is, what is the best way to advertise a default route to selected sites so that they get routed across the MPLS network?


Here is a sample config from my data center router...


router ospf 6500
 log-adjacency-changes
 redistribute bgp 6500 subnets route-map Allow_from_BGP
 network <data center internal network> area 0
!
router bgp 6500
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 6500 route-map Allow_into_BGP
 neighbor <Verizon Router> remote-as 65000
 no auto-summary




Giuseppe Larosa Thu, 12/04/2008 - 13:43
hello Cory,


it is easy to advertise the default route to all the sites from one site.

The ones without the static default route will use it. (use an AD < 20 for the static default route to be preferred over the eBGP one)


You need to modify NAT at central site accordingly


Hope to help

Giuseppe


derrickc Thu, 12/04/2008 - 14:56
so, just use the neighbor {ip address} default-originate command?

Jon Marshall Thu, 12/04/2008 - 15:15
Yes, advertise this from the central site BGP router. At any sites you want to use this route, remove the local static route from within the site.


Sites which you don't want to use this route from BGP should keep their local static route. Make sure that the local static route has a lower AD than the BGP one that is redistributed into OSPF. It should do, but I can't say for sure without knowing each site's full topology.


Jon
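The two halves of Jon's answer, written out as an added configuration example (this is not configuration from the thread, and the route-map and prefix-list names in capitals are made up for it; the PE addresses are the ones the poster gives later in the thread). The central-site MPLS router only originates the default while it actually holds a 0.0.0.0/0 in its own routing table (the O*E2 learned from the 4507), so a lost path to the firewall withdraws the advertisement instead of drawing branch internet traffic into a black hole. At a site that keeps its own firewall, the default is refused at the eBGP edge rather than left to win or lose on AD:

```cisco
! ---- Central-site MPLS router (the 3845) ----
! Names in capitals are made up for this example.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Conditional origination: the route-map is evaluated against the routing
! table, so the default is advertised only while a 0.0.0.0/0 is present.
route-map CONDITIONAL-DEFAULT permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router bgp 6500
 neighbor 152.164.204.29 remote-as 65000
 neighbor 152.164.204.29 default-originate route-map CONDITIONAL-DEFAULT
!
! ---- MPLS router at a site that keeps its local firewall/internet ----
! Drop the default inbound so it never enters the BGP table, the routing
! table or OSPF at this site. Everything else from the PE is still accepted.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map FROM-PE deny 10
 match ip address prefix-list DEFAULT-ONLY
route-map FROM-PE permit 20
!
router bgp 6500
 neighbor 152.164.204.13 remote-as 65000
 neighbor 152.164.204.13 route-map FROM-PE in
```

The inbound filter matters because, on the site's MPLS router itself, an accepted eBGP default (AD 20) would beat the OSPF external default (AD 110) that the internal router advertises, regardless of what Allow_from_BGP lets into OSPF. After adding the inbound route-map, apply it with `clear ip bgp 152.164.204.13 soft in` and confirm with `show ip bgp 0.0.0.0` that the default is absent.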

derrickc Thu, 12/04/2008 - 19:53
I think I may need to clarify a bit...and include configs from the data center side, and a remote site...


Our data center is hosted at a large facility in Atlanta. Our connection is dropped off as ethernet which goes into our ASA firewall. The firewall internal interface then connects to a small subnet that also contains our core 4507 switch (which provides routing for all other local networks) and finally our 3845 router that connects to Verizon's MPLS network that provides connectivity to our other sites. The ASA, 4507, and 3845 are all running OSPF and are internal to our network. The 4507 has a static default route that points to the firewall. This static default route is redistributed into OSPF and shows correctly on the MPLS router as:


O*E2 0.0.0.0/0 [110/1] via 100.100.8.5, 00:09:52, GigabitEthernet0/0


What I'm trying to do is get a couple of remote sites to use this default route to send traffic across the MPLS network to the data center, then up and out through the firewall. The router running BGP is not our internet router. It simply connects to Verizon's MPLS cloud for remote site connectivity.


Here is the important info from the 4507 in the data center


router ospf 6500
 log-adjacency-changes
 redistribute static subnets
 network 100.100.0.0 0.0.255.255 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 100.100.8.5
! sends traffic to the FW.



Here is the important info from the MPLS router in the data center (again, this is not our Internet router...all internet traffic is routed to and out the ASA and handed off to our hosting service)


router ospf 6500
 log-adjacency-changes
 redistribute bgp 6500 subnets route-map Allow_from_BGP
 network 100.100.0.0 0.0.255.255 area 0
!
router bgp 6500
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 6500 route-map Allow_via_BGP
 neighbor 152.164.204.29 remote-as 65000
 no auto-summary



The remote sites pretty much have the same setup. Currently, they each have their own Internet connection, a firewall, a core router/l3 switch, and the MPLS router to connect to Verizon. Again the MPLS connection is internal to our network. So the branch configs look like this...


Branch core internal router


router ospf 6500
 log-adjacency-changes
 redistribute static subnets
 network 100.200.0.0 0.0.255.255 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 100.200.8.5
! sends traffic to the local branch FW.


Branch MPLS router


router ospf 6500
 log-adjacency-changes
 redistribute bgp 6500 subnets route-map Allow_from_BGP
 network 100.200.0.0 0.0.255.255 area 0
!
router bgp 6500
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 6500 route-map Allow_via_BGP
 neighbor 152.164.204.13 remote-as 65000
 no auto-summary



So what I'm trying to do is get rid of the current static default route:


ip route 0.0.0.0 0.0.0.0 100.200.8.5


and replace it with a learned route from the data center so that all traffic is routed to the data center and out the internet connection there. The local internet connection at a couple of our sites is going away and I want to send the traffic to the data center via the MPLS network.


Please let me know if you need further clarification...


TIA!



Giuseppe Larosa Fri, 12/05/2008 - 01:02
Hello Cory,

Your topology is more complex than what I had supposed in my first post.


However, it is still possible to implement it.


Central site

Internal Router ---|---- MPLS router
                   FW

Remote site

MPLS router ---- |--- Internal router
                 [FW] to be dismissed


the MPLS router on central site has to inject a default route on the eBGP session towards SP PE node.

The SP signalling plane will propagate the default route to all other sites that are in the same L3 VPN.

The branch MPLS router has to accept the default route over the eBGP session and to redistribute it inside OSPF, or to generate an OSPF default route conditioned on the presence of an eBGP 0.0.0.0 prefix with a specific BGP next-hop.

This external OSPF default route has to be the preferred one.

Because OSPF O E1 routes are preferred over O E2, you could make the branch MPLS router generate a type E1 default route.


on the branch


ip prefix-list only-default permit 0.0.0.0/0
access-list 11 permit host branch.PE.ipaddress
!
route-map check_ebgp_default permit 10
 match ip next-hop 11
 match ip address prefix-list only-default
!
router ospf 6500
 default-information originate metric-type 1 route-map check_ebgp_default

or simply

router ospf 6500
 default-information originate metric-type 1


on the branch datacenter router


remove the ip route 0.0.0.0 0.0.0.0 100.200.8.5

remove inside ospf process 6500
 default-information originate

OR

replace the default static route with a floating static route (if you want to keep it for backup)

ip route 0.0.0.0 0.0.0.0 100.200.8.5 150


the default route injected by the branch MPLS router should be preferred for its lower AD.


Hope to help

Giuseppe
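The branch side of Giuseppe's procedure as one added, complete configuration example (not configuration from the thread; the prefix-list, ACL and route-map names in capitals are invented for it, and the PE address and firewall next hop are the branch values the poster gave). The MPLS router injects a type 1 OSPF default only while an eBGP-learned 0.0.0.0/0 with the Verizon PE as next hop is in its routing table; the internal router stops originating its own default and keeps the firewall path as a floating static that only takes over when the OSPF default disappears:

```cisco
! ---- Branch MPLS router at a site moving to the central internet exit ----
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
access-list 11 permit host 152.164.204.13
!
! Both match clauses must hold: the route is 0.0.0.0/0 AND its next hop is
! the PE. A default that arrives from anywhere else will not be re-originated.
route-map CHECK-EBGP-DEFAULT permit 10
 match ip address prefix-list DEFAULT-ONLY
 match ip next-hop 11
!
router ospf 6500
 ! metric-type 1 makes it an O E1 default, preferred over the O E2 that a
 ! leftover "default-information originate" elsewhere in the area would produce.
 default-information originate metric-type 1 route-map CHECK-EBGP-DEFAULT
!
! ---- Branch internal (core) router ----
router ospf 6500
 no default-information originate
!
! Floating static towards the old firewall: AD 150 loses to the O E1 default
! (AD 110) while the MPLS path is up and is installed only when it is gone.
no ip route 0.0.0.0 0.0.0.0 100.200.8.5
ip route 0.0.0.0 0.0.0.0 100.200.8.5 150
```

On the internal router, `show ip route 0.0.0.0` should then list the default as `O*E1` via the MPLS router, not `S*`; if the static is still the active entry, the MPLS router is not originating (check that the eBGP default is present with `show ip bgp 0.0.0.0` and that its next hop is the address in access-list 11). Once the local firewall is physically removed, drop the floating static too, so a lost MPLS path fails closed rather than pointing traffic at a next hop that no longer exists.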

