Solved: Load Balancing with OSPF and BGP

mmacdonald70 · ‎05-23-2009

We will be using two Internet connections, a primary and a secondary. Each connection will have a router with a BGP session to the ISP, who will announce a default route.

I understand that the "default information-originate" will add a default route into OSPF if I receive a default though BGP but is there a preferred way to add a metric so that the primary link is preferred?

Giuseppe Larosa · ‎05-24-2009

Hello Matthew,

having two ASBR routers advertising 0.0.0.0/0, the best choice is to use OSPF E1 type of route that takes in account the cost to reach the ASBR and the seed metric.

you can deploy an iBGP session between them as suggested by Rick.

OSPF default information-originate allows to invoke a route-map.

The route-map can check the following conditions:

the presence of 0.0.0.0/0 net in BGP table;

the BGP next-hop of the 0.0.0.0/0 route (very important to discriminate what router should advertise the default route in the OSPF domain)

based on these conditions the route-map can set some attributes of the generated OSPF default route:

metric-type 1 (O E1)

metric 50 (seed metric )

We have used this schema years ago for internet access with the two ASBR nodes in two different POPs in two different towns with good success.

config example can be:

ip prefix-list only-default permit 0.0.0.0/0

access-list 11 permit host ISP-eBGP-neigh-ip-addr

route-map check_bgp permit 10

match ip address prefix only-default

match ip next-hop 11

set metric-type 1

set metric 50

router ospf 10

default-information originate route-map check_bgp

on the second router you should use a greater seed metric taking in account the different internal OSPF path costs:

if you want it to be used only when primary ISP fails you can use a seed metric of 500 or more.

Hope to help

Giuseppe

View solution in original post

Richard Burts · ‎05-23-2009

Matthew

Your post talks about each connection will have a router with a BGP session to the ISP. But it does not mention whether you are planning to run IBGP between the routers. There is a good solution to your question if you do run IBGP between the routers. Assuming that you do run IBGP then the routers will share BGP information with each other. You can configure Local Preference so that routes (including the default route) from the "primary" ISP are preferred over routes from the other ISP. Since the default from the primary ISP is preferred the default route learned from the other ISP will not be put into the routing table unless the default route from the primary ISP is withdrawn. This means that your OSPF will advertise the default route coming from the router with the primary connection.

HTH

Rick

HTH

Rick

mmacdonald70 · ‎05-24-2009

There are currently no plans to run iBGP. This could change if we determine that it offers the best solution.

Giuseppe Larosa · ‎05-24-2009

Hello Matthew,

having two ASBR routers advertising 0.0.0.0/0, the best choice is to use OSPF E1 type of route that takes in account the cost to reach the ASBR and the seed metric.

you can deploy an iBGP session between them as suggested by Rick.

OSPF default information-originate allows to invoke a route-map.

The route-map can check the following conditions:

the presence of 0.0.0.0/0 net in BGP table;

the BGP next-hop of the 0.0.0.0/0 route (very important to discriminate what router should advertise the default route in the OSPF domain)

based on these conditions the route-map can set some attributes of the generated OSPF default route:

metric-type 1 (O E1)

metric 50 (seed metric )

We have used this schema years ago for internet access with the two ASBR nodes in two different POPs in two different towns with good success.

config example can be:

ip prefix-list only-default permit 0.0.0.0/0

access-list 11 permit host ISP-eBGP-neigh-ip-addr

route-map check_bgp permit 10

match ip address prefix only-default

match ip next-hop 11

set metric-type 1

set metric 50

router ospf 10

default-information originate route-map check_bgp

on the second router you should use a greater seed metric taking in account the different internal OSPF path costs:

if you want it to be used only when primary ISP fails you can use a seed metric of 500 or more.

Hope to help

Giuseppe

mmacdonald70 · ‎06-20-2009

Thanks this worked perfectly

huangedmc · ‎08-21-2009

We have a need to set up something very similar for two locations that will load share between each other, plus a few other sites that are on a fiber ring.

Internet -- PE -- CE -- ASA -- LAN

Our CE's are managed by ISP, and we're simply pointing the default route to the CE's LAN interface at each location.

So I was planning on configuring just ospf on the ASA5520's behind the CE's like this:

interface Loopback1

description Simulate Internet next-hop

ip address 10.1.240.111 255.255.255.255

router ospf 1

router-id 10.1.240.11

log-adjacency-changes

network 10.60.0.0 0.0.31.255 area 10.60.0.0

network 10.60.254.1 0.0.0.0 area 0

network 10.60.254.62 0.0.0.0 area 0

default-information originate metric-type 1 route-map NEXT-HOP-CHECK

ip route 0.0.0.0 0.0.0.0 Loopback1

ip access-list standard ACL-ISP-NEXT-HOP

permit 10.1.240.111

!

route-map NEXT-HOP-CHECK permit 10

match ip next-hop ACL-ISP-NEXT-HOP

I put it in our lab, but other L3 devices are not receiving the default.

As soon as I remove the route-map from the default-information originate statement, 0/0 is advertised out to the ospf neighbors.

Is there something wrong w/ the way I'm doing it?

Is the "match ip next-hop" statement only applicable to bgp next hops?

Also, does it have to be the IMMEDIATE next hop, or can it be two hops away?

Reason I ask this is the CE is on our premises, so I need to "probe" the interface on the other side of the circuit (PE), which is two hops away from the ASA.

Giuseppe Larosa · ‎08-21-2009

Hello Kevin,

in my original setup the match ip next-hop has been used for the BGP next-hop of a BGP route.

The router had actually two eBGP peers with links with different speeds.

And the internet gateways were two in two different towns.

Here you have a different scenario with no BGP on the ASA.

I would do the following:

router ospf 1

default-information originate metric-type 1

then I would look for using reliable static routing that is tracing the PE node for example.

You should look at ASA configuration guide to see if reliable static routing is supported.

the idea is that the default route in OSPF is generated only if one is present in the ASA ip routing table.

Hope to help

Giuseppe

huangedmc · ‎08-21-2009

Thanks for the prompt response.

I had a static default in my lab config because I don't have an upstream router to send dynamic routes to my ASA in lab.

I was going to shut down the loopback to simulate a withdrawl of 0/0.

So...it sounds like match ip next-hop is BGP specific?

Meaning if I ask our ISP to send us default via BGP, this should work?

Even though the route-map in your setup above is applied under ospf process, it's actually checking next-hop via BGP?

I'll also look into reliable static routing as you suggested but I'd like to know all the possible options.

thanks.

huangedmc · ‎08-25-2009

I just confirmed the reliable static routing is supported on ASA.

I was able to remove the default route by shutting down the simulated WAN link.

Could you still answer my previous questions though?

thanks.

Giuseppe Larosa · ‎08-25-2009

Hello Kevin,

>> So...it sounds like match ip next-hop is BGP specific?

Meaning if I ask our ISP to send us default via BGP, this should work?

Even though the route-map in your setup above is applied under ospf process, it's actually checking next-hop via BGP?

yes to questions 2,3 that is what counts in this scenario.

question1 it is no it should work also for routes not coming from BGP

see

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1013961

You may have had troubles with the way you tried to emulate the default route using an interface of the local node as next-hop.

Hope to help

Giuseppe