Best Practise - Multi site connection

Unanswered Question
Jul 22nd, 2009


HeadOffice is connecting to branch offices via MPLS Cloud running BGP, and some offices are connected point-2-point via Fiber.

OSPF is running with P-2-P offices and BGP with MPLS.

What is the best approach to accept traffic from branch-office without service provider IP range and allow only required network to branch office?

How would OSPF and BGP talk to each other? As of now it's all messed up!!!




Router ospf 66

network are 0

network area 0 area 0

###Branch_Offce ### ( network )

## Fiber_branch_offce ## ( network )

ronald.ramzy Wed, 07/22/2009 - 11:34

Not really.

I have little knowledge of OSPF and corporate policy is to go with OSPF.

So can I get some help?

Giuseppe Larosa Wed, 07/22/2009 - 12:17

Hello Ronald,

first of all you need to decide which links are primary and which are secondary.

Second it is important to know if the p-t-p links and the MPLS links are terminated on different routers or on the same node.

Using a standard configuration with direct point-to-point links, OSPF prefers these links.

If using a single router, eBGP is preferred over OSPF on the local node for better AD (20<110), but then when BGP routes are redistributed into OSPF as external routes they are less preferred than internal routes learned on p-t-p links.

So first you need to decide what you want to do and to describe the scenario.

Hope to help


ronald.ramzy Wed, 07/22/2009 - 12:55


At Main_Site we have

3560 - All VLANS are configured and p-2-p link is terminated on it directly.

2800_RTR - configured with service_provider MPLS ( BGP is configured here ) and connected to 3560 as uplink

Remote_Site and p-2-p sites have 1840_RTR and 2960 switch, each site with one ip range of /24 and ospf running.

1840_RTR is the default Gateway for the users.

BGP connection with service_provider brings 100 of other network information with it which I don't need.

I need to block unwanted network and allow only LAN subnets from Main_Site and similar to remote Site.

Do I need to forward packets from BGP to OSPF and vice-versa, so branch can talk to Main_site?

Can I get this filtering help and recommendation?

Giuseppe Larosa Fri, 07/24/2009 - 03:57

Hello Ronald,

>> BGP connection with service_provider brings 100 of other network information with it which I don't need.

Contact the service provider: they have made some config error and have joined your VPN with that of somebody else.

On a temporary term you can create a route filter on your BGP router:

ip prefix-list PLmy_own_routes permit le 24 ge 24
route-map my_own_routes permit 10
 match ip address prefix-list PLmy_own_routes
router bgp your.ASN
 neigh provider.ipaddr route-map my_own_routes in

However, Ronald, you need to decide what links are primary and what are secondary.

With default settings, remote sites will try to use MPLS links to reach the central site for the lower AD of eBGP.

On the central site, because multiple devices are involved, p-t-p links are used to reach remote site prefixes.

On remote site routers, to use p-t-p OSPF links you need to use

router bgp your.AS
 distance bgp 120

On the 2800 rtr you need to configure redistr. of eBGP routes into OSPF and to advertise central site's routes into BGP.

router ospf 10
 red bgp your.ASN route-map selected_routes subnets
route-map selected_routes permit 10
 match ip address prefix-list


This is just a proposal under the hypothesis that MPLS links will be the backup / secondary paths.

Hope to help
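
The inbound filter in the reply above depends on prefix-list `ge`/`le` length matching and on the implicit deny at the end of the list. As an added example (not part of the original thread), this Python code models that matching so a candidate filter can be checked against a set of received prefixes before it is applied; the 10.66.0.0/16 site range and the received-route list are constructed assumptions.

```python
import ipaddress

# Constructed assumption: every site LAN is a /24 carved from 10.66.0.0/16.
# The thread's own prefix is not shown, so this range is a placeholder.
# Entry format: (sequence, action, prefix, ge, le)
PREFIX_LIST = [(5, "permit", "10.66.0.0/16", 24, 24)]

# Constructed sample of prefixes received on the provider's eBGP session.
RECEIVED = [
    "10.66.1.0/24",      # own branch LAN
    "10.66.20.0/24",     # own branch LAN
    "10.66.0.0/16",      # aggregate: right bits, wrong length
    "10.66.1.128/25",    # more specific than any site LAN
    "172.16.5.0/24",     # someone else's /24
    "0.0.0.0/0",         # default route
]


def entry_matches(route, prefix, ge, le):
    """True if route falls under prefix and its length is in the ge/le range."""
    base = ipaddress.ip_network(prefix)
    if not route.subnet_of(base):
        return False
    if ge is None and le is None:
        low = high = base.prefixlen          # exact-length match only
    else:
        low = base.prefixlen if ge is None else ge
        high = 32 if le is None else le
    return low <= route.prefixlen <= high


def evaluate(route_str, prefix_list=PREFIX_LIST):
    """Return the action of the first matching entry, else the implicit deny."""
    route = ipaddress.ip_network(route_str)
    for _seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"


def filter_inbound(routes, prefix_list=PREFIX_LIST):
    """Prefixes that would survive the inbound route-map."""
    return [r for r in routes if evaluate(r, prefix_list) == "permit"]


if __name__ == "__main__":
    for r in RECEIVED:
        print(f"{r:18} {evaluate(r)}")
```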


