Perimeter network and BGP->OSPF redistribution question

news2010a
Level 3

Hi, can you confirm if doing redistribution BGP to OSPF on the 6509 switch (in red) would be the typical way to allow routing of my intervlan and then allow me to route traffic in/out via the AS 1803 (ISP)?

Please see attached diagram for detailed explanation.


Giuseppe Larosa
Hall of Fame

Hello Marlon,

Redistributing BGP into OSPF has become uncommon.

On the devices that run both BGP and OSPF you can send a default route in the OSPF domain using:

default-information originate metric-type 1 [route-map check_ebgp]

On the same device you can redistribute OSPF into BGP:

router bgp 2000
 redistribute ospf 10

Or, if the number of networks is low, you can use the network command directly in the BGP process:

router bgp 2000
 network 172.16.4.0 mask 255.255.255.0
 network 172.16.5.0 mask 255.255.255.0
 no auto-summary
 no sync

So it is even possible to handle this scenario without using any redistribution.

Redistributing BGP into OSPF is dangerous: BGP can handle many more routes than OSPF does, so it is recommended to never do it without a route filter.

Hope to help

Giuseppe
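
The reply above references a route-map named check_ebgp without defining it, and recommends a route filter on any BGP-to-OSPF redistribution. The following IOS configuration is an added example, not part of the original post: it shows one way to define both, keeping OSPF process 10 and AS 2000 from the thread. The prefix-list names, the second route-map name, the prefixes (documentation ranges) and the prefix limit are assumptions.

```cisco
! Added example. EBGP_TRACK, BGP_TO_OSPF_PFX, BGP_TO_OSPF, the prefixes
! (RFC 5737 documentation ranges) and the limit of 50 are constructed.
!
! 1) Conditional default: originate 0.0.0.0/0 into OSPF only while the
!    tracked prefix (one expected from the ISP) is in the routing table.
ip prefix-list EBGP_TRACK seq 5 permit 192.0.2.0/24
!
route-map check_ebgp permit 10
 match ip address prefix-list EBGP_TRACK
!
router ospf 10
 default-information originate metric-type 1 route-map check_ebgp
!
! 2) Weak form the thread warns against (shown commented out): every
!    BGP route is injected into OSPF.
! router ospf 10
!  redistribute bgp 2000 subnets
!
! 3) Filtered form, if BGP routes must be redistributed at all: only the
!    listed prefixes pass; the route-map's implicit deny drops the rest.
ip prefix-list BGP_TO_OSPF_PFX seq 5 permit 198.51.100.0/24
!
route-map BGP_TO_OSPF permit 10
 match ip address prefix-list BGP_TO_OSPF_PFX
!
router ospf 10
 redistribute bgp 2000 subnets route-map BGP_TO_OSPF
 ! Second safeguard, where the IOS release supports it: stop accepting
 ! redistributed prefixes at 50, log a warning at 75 percent of that.
 redistribute maximum-prefix 50 75
```

Parts 1 and 3 are alternatives: with the conditional default in place, the OSPF routers need no BGP routes at all.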

If the 6509 is just handling your internal network, why not send all traffic to the 3750 stack as a default route?

That way you don't even have to run BGP on the 6509.

Huang:

You can.

Giuseppe was creating a solution for you to be able to advertise a default route through your OSPF domain using the command he mentioned. This way all Internet-bound traffic will take the default to the 6509.

On the 6509, assuming you're running BGP on it, since it is acting as an ASBR, you can allow only a default route through BGP using a filter, as Giuseppe suggests, or you can create a static route to the 3750 and be done with it.

But, if you're learning the whole Internet routing table through BGP and you redistribute that into your OSPF domain, you may crash your routers and shut down your network.

HTH

Victor

news2010a
Level 3

Thanks.

How about the case that if I have (2) 6509's in the internal network;

Is it still wise to use a default route to send the traffic to the 3750 - perimeter stack?

Hello Marlon,

Until both C6509 have complete knowledge of the internal network you should be able to route to the outside world using a default route that the C3750 stack can inject in the OSPF domain.

For more safety I would provide a direct L3 link between the two C6500 so that should an SVI be shut down on C6500_1 the traffic destined to that subnet is sent to C6500_2 and not to the C3750 stack.

If you don't use passive-interface on client VLANs you already have multiple parallel links between the two C6500.

The C3750 stack can advertise internal network subnets as described in my first post: using the network command under router bgp (preferred) or by using redistribute ospf (to be used only if the number of subnets makes the network command approach not feasible).

Hope to help

Giuseppe
