BGP Route reflection and confusion

Answered Question
Jan 4th, 2009

Hi friends,


I have a network (diagram attached).

In this there are two Route Reflectors.

Four edge routers - connecting ISP. Route reflectors are configured for redundancy.

Route Reflector R1 and respective clients are in DC.

Route Reflector R2 and respective clients are in DR.

Client routers will initiate crypto tunnels to edge routers, and reverse route injection will help the server farm to reach the clients.

Now, for redundancy, any route coming to RR2 has to go to RR1 and the DC network as well.

Here RR1 and RR2 are supposed to be configured as Route Reflector clients again for themselves (am I making the point?)

This leads to a lot of confusion - even though the network is working fine as of now (no link failures have happened yet), I'm afraid there would be issues in prefix announcement.

Some of the issues:

1. There are RIB failures.

2. There are prefixes which are not being advertised by clients for some reason.

3. RRs are having unequal numbers of prefixes.

Please suggest: will this be fine, or is there any alternative for this?







Giuseppe Larosa Sun, 01/04/2009 - 23:50

Hello Rajeev,

Although I cannot open your presentation, I can answer your first question:

Between the two BGP Route Reflector Servers a normal iBGP session has to be used.

So I suggest you remove the

neigh x.x.x.x route-reflector-client on both sides for the iBGP session between the RRS.


For the other questions, some issues can be related to the addressing plan: is the DR site using different IP subnets or the same IP subnets?


Hope to help

Giuseppe


Giuseppe Larosa Mon, 01/05/2009 - 01:06

Hello Rajeev,

Yes.

An RRS server, when it receives an advertisement from one of its clients, will:

reflect it to all other clients

propagate it to all non-clients (normal iBGP neighbors)


This is the job of RRS: they help to reduce the complexity of iBGP.

RRS need to be fully meshed, but each of them represents all its cluster:

cluster = RRS(s) + clients


Now that I can open the ppt:


Be aware that ISP1 and ISP2 have the capability to advertise DC site routes to the DR site even without the iBGP session between the two RRS.

You can verify this on your border routers with sh ip bgp

Usually in an L3 MPLS VPN provider the SP will change your private AS into its own to let you accept routes in another site


if you see net 10.10.10.0/24 with AS path

100 100 i

200 200 i

the PE node changes your private AS to the SP AS (so you see it twice).


if the service provider isn't overriding your AS you can use on all border routers:

neigh sp.ipaddr allowas-in 1

to accept the prefixes with AS path that contain your own AS (once)


the rib failure could be caused by this iBGP session over the tunnel that actually is not needed as I explained above.


From the point of view of each site the border routers have eBGP sessions with the SP routers and the RRS allows to reflect them.


On the eBGP sessions knowledge of the remote site subnets is received/can be received.

So I think that iBGP session over a tunnel RRS to RRS is not needed.


Hope to help

Giuseppe
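The reflection rules from the reply above, as an added example that is not part of the original thread. It also applies the standard RFC 4456 rule that a route learned from a non-client is reflected to clients only. The router names E1 to E4, the use of each RR's name as its cluster ID, and the "first copy wins" simplification are assumptions of this sketch.

```python
from collections import deque

# Constructed topology (names are illustrative, not taken from the diagram):
# RR1 + clients E1,E2 in DC; RR2 + clients E3,E4 in DR; RR1<->RR2 plain iBGP.
CLIENTS = {"RR1": {"E1", "E2"}, "RR2": {"E3", "E4"}}
IBGP = {("RR1", "E1"), ("RR1", "E2"), ("RR2", "E3"), ("RR2", "E4"),
        ("RR1", "RR2")}

def peers(node, sessions):
    """All iBGP neighbors of node."""
    return {b if a == node else a for a, b in sessions if node in (a, b)}

def propagate(origin, clients=CLIENTS, sessions=IBGP):
    """Return {router: received CLUSTER_LIST} for routers that install the route."""
    rib = {origin: []}
    # queue item: (sender, receiver, ORIGINATOR_ID, CLUSTER_LIST)
    queue = deque((origin, p, origin, []) for p in peers(origin, sessions))
    while queue:
        sender, rcv, originator, clist = queue.popleft()
        # Loop checks: own ORIGINATOR_ID, own cluster ID already in the list,
        # or (simplification) a copy of the route is already installed.
        if rcv == originator or rcv in clist or rcv in rib:
            continue
        rib[rcv] = clist
        my_clients = clients.get(rcv, set())
        if not my_clients:
            continue  # plain iBGP speaker: never re-advertises iBGP routes
        from_client = sender in my_clients
        for p in peers(rcv, sessions) - {sender}:
            # from a client     -> all other clients and all non-clients
            # from a non-client -> clients only
            if from_client or p in my_clients:
                queue.append((rcv, p, originator, [rcv] + clist))
    return rib

# Variant from the question: the two RRs also list each other as clients.
MUTUAL = {"RR1": {"E1", "E2", "RR2"}, "RR2": {"E3", "E4", "RR1"}}

if __name__ == "__main__":
    for label, cl in (("plain iBGP between RRs", CLIENTS),
                      ("RRs as mutual clients", MUTUAL)):
        print(label, sorted(propagate("E3", cl).items()))
```

In this two-cluster model a prefix from a DR client reaches every DC client over the plain iBGP session, and marking the RRs as clients of each other changes nothing about who receives it.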


rajivrajan1 Mon, 01/05/2009 - 01:51

Thanks, Giuseppe,


but when the links between DC and the ISPs are down, if the client routers have to access the DC site, this tunnel is required, as the DC servers have to be advertised back to the clients and the client networks have to be advertised to DC.



Correct Answer
Giuseppe Larosa Mon, 01/05/2009 - 02:10

Hello Rajeev,

I may be wrong; you know many more details about your scenario.

I thought the tunnel can be routed via the ISP links using the eBGP knowledge of DC and DR IP subnets (including RRS loopbacks).


You mean the tunnel is going via the OSPF cloud.

If so it has a different duty and may be quite useful.

However, there is a risk to advertise all subnets via DC and via DR sites.


Thanks for your kind marks.


Hope to help

Giuseppe

