
BGP questions

John Blakley
VIP Alumni

All,

We're moving to an MPLS solution. Currently, we run BGP with our provider. We've installed a vwic2 inside of a router that has a vwic2 already installed.

vWIC2:1 IP: 172.20.95.1

vWIC2:2 IP: 172.30.95.1

int FA0/0 IP: 10.125.95.1

router bgp 5

network 10.125.95.0 mask 255.255.255.0

network 172.30.95.0 mask 255.255.255.252

network 172.20.95.0 mask 255.255.255.0

neighbor 172.20.95.2 remote-as 5555 (our router because it's P2P)

neighbor 172.30.95.2 remote-as 6666 (provider AS)

The provider is saying that we will be okay to connect the circuit to the new vWIC and bring up the interface, and BGP is smart enough to not create a loop. I'm a little concerned since we are partnering with our router for the 172.20.x.x subnet and the other subnet is going to them.

Is this really not going to cause problems?

Thanks,

John

HTH, John *** Please rate all useful posts ***

lamav
Level 8

John, you lost me.

What's the problem?

You have 2 WAN interfaces with 2 different IP addresses, each peering with an IP address on their own subnet....

I must be missing something...

We peer with AT&T, and we're moving off of IP frame relay to MPLS.

There's no "problem." I want to make sure I don't have a routing loop by peering with the same provider, and advertising my local network. They are "different" providers per se in that we have different addresses that we're peering with.

Thanks,

John

HTH, John *** Please rate all useful posts ***

If you want to avoid becoming a 'transit' router, you can advertise just the prefixes originated within your network with the following route-map:

ip as-path access-list 1 permit ^$

route-map LOCAL-NETS

match as-path 1

router bgp xxx

neighbor x.x.x.x route-map LOCAL-NETS out

The ISP should have their method for preventing the routes coming from the other connection from being advertised through you, but you can implement this safety feature as well.

HTH,

__

Edison.

Edison,

We weren't told that we needed to do this. What does the permit ^$ mean?

Is the provider incorrect that we should be able to peer with two different IPs in their same network (172.20.x.x and 172.30.x.x)? They're supposed to provide a service that they call "interworking" which allows the "new" 172.30.x.x addresses to talk to our 172.20.x.x addresses that haven't been migrated over yet. I'm concerned about this because of the new and old connections in the same router, and wondering if it'll create a loop.

I may not have to worry about that part since they are the provider. =)

John

HTH, John *** Please rate all useful posts ***

What does the permit ^$ mean?

As stated in my previous post: advertise only prefixes originated from my AS.

Even if the ISP is doing their job, it's common practice to implement this configuration on a WAN edge router when BGP peering to multiple providers.

Is the provider incorrect that we should be able to peer with two different IPs in their same network (172.20.x.x and 172.30.x.x)?

No, they are not incorrect.

and wondering if it'll create a loop.

No loop should be created. What could happen, if the ISP fails to implement this correctly, is that you may become a transit AS.

__

Edison.
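An added example, not part of the original thread: a small Python model of how the outbound filter `ip as-path access-list 1 permit ^$` decides what gets advertised. Against an AS path, `^$` matches only the empty path, which is what locally originated prefixes carry before the local AS is prepended on export. The table entries, the documentation prefixes and AS 64500 are constructed, and Python's `re` stands in for the IOS regex engine as an approximation.

```python
import re

# Constructed BGP table on the customer router (AS 5 in the thread).
# as_path is the path as received; locally originated routes have an empty path.
BGP_TABLE = [
    {"prefix": "10.125.95.0/24", "as_path": ""},             # network statement
    {"prefix": "172.30.95.0/30", "as_path": ""},             # network statement
    {"prefix": "192.0.2.0/24", "as_path": "6666"},           # from provider AS
    {"prefix": "198.51.100.0/24", "as_path": "6666 64500"},  # via provider AS
    {"prefix": "203.0.113.0/24", "as_path": "5555"},         # from the P2P peer
]

def ios_regex_to_python(pattern):
    # In IOS AS-path regexes "_" matches a delimiter (space, comma, braces,
    # parentheses) or the start/end of the string.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def as_path_acl_permits(acl, as_path):
    # Entries are checked in order, first match wins, implicit deny at the end.
    for action, pattern in acl:
        if re.search(ios_regex_to_python(pattern), as_path):
            return action == "permit"
    return False

def advertised(table, acl):
    # Prefixes that pass the outbound as-path filter.
    return [r["prefix"] for r in table if as_path_acl_permits(acl, r["as_path"])]

def transit_leaks(table, acl):
    # Prefixes learned from another AS that would still be re-advertised,
    # i.e. the routes that would make this router a transit AS.
    return [r["prefix"] for r in table
            if r["as_path"] and as_path_acl_permits(acl, r["as_path"])]

LOCAL_ONLY = [("permit", "^$")]  # ip as-path access-list 1 permit ^$
NO_FILTER = [("permit", ".*")]   # comparison: no effective outbound filtering

if __name__ == "__main__":
    print("advertised with ^$ :", advertised(BGP_TABLE, LOCAL_ONLY))
    print("leaks with ^$      :", transit_leaks(BGP_TABLE, LOCAL_ONLY))
    print("leaks with no filter:", transit_leaks(BGP_TABLE, NO_FILTER))
```

On a live router, `show ip bgp regexp ^$` lists the locally originated prefixes that this filter would let through.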

^$ is a POSIX-compliant regular expression that will match any string it's compared against.

^ causes the regular expression to match whatever strings follow it; e.g. the regular expression ^abs will match "absolute," "abs," and "absquatulate." $ causes the regexp to match anything preceding it.
