
Best Practise - Multi site connection

ronald.ramzy
Level 1

Hi,

HeadOffice is connecting to branch office via MPLS Cloud running BGP and some office connected point-2-point via Fiber.

OSPF is running with P-2-P offices and BGP with MPLS.

What is the best approach to accept traffic from branch-office without service provider ip range and allow only required network to branch office?

How would OSPF and BGP talk to each other? As of now it's all messed up!!!

==============

##HeadOffice#

=============

router ospf 66
 network 192.168.1.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
 network 172.17.1.0 0.0.0.3 area 0

### Branch_Office ###

172.16.10.0 255.255.255.0 ( network )

## Fiber_branch_office ##

172.16.15.0 255.255.255.0 ( network )


Joseph W. Doherty
Hall of Fame

Have you considered the possibility of using BGP across the p-2-p link rather than OSPF?

Not really.

I have little knowledge of OSPF and corporate policy is to go with OSPF.

So can I get some help?

Hello Ronald,

First of all, you need to decide which links are primary and which are secondary.

Second, it is important to know if the p-t-p links and the MPLS links are terminated on different routers or on the same node.

Using a standard configuration, with direct point-to-point links, OSPF prefers these links.

If using a single router, eBGP is preferred over OSPF on the local node for better AD (20<110), but then when BGP routes are redistributed into OSPF as external routes they are less preferred than internal routes learned on p-t-p links.

So first you need to decide what you want to do and to describe the scenario.

Hope to help

Giuseppe

Hi,

At Main_Site we have

3560 - All VLANS are configured and p-2-p link is terminated on it directly.

2800_RTR - configured with service_provider MPLS ( BGP is configured here ) and connected to 3560 as uplink

Remote_Site and p-2-p sites have 1840_RTR and 2960 switch, each site with one ip range of /24 and ospf running.

1840_RTR is the default Gateway for the users.

BGP connection with service_provider brings 100 of other network information with it which I don't need.

I need to block unwanted network and allow only lan subnets from Main_Site and similar to remote Site.

Do I need to forward packet from BGP to OSPF and vice-versa, so branch can talk to Main_site?

Can I get this filtering help and recommendation?

Can I get some help on this...

Hello Ronald,

>> BGP connection with service_provider brings 100 of other network information with it which I don't need.

Contact the service provider: they have made some config error and have joined your VPN with that of somebody else.

On a temporary basis you can create a route filter on your BGP router:

! IOS expects ge before le; this matches only /24s inside 10.10.0.0/16
ip prefix-list PLmy_own_routes permit 10.10.0.0/16 ge 24 le 24
!
route-map my_own_routes permit 10
 match ip address prefix-list PLmy_own_routes
!
router bgp your.ASN
 neighbor provider.ipaddr route-map my_own_routes in

However, Ronald, you need to decide what links are primary and what are secondary.

With default settings remote sites will try to use MPLS links to reach central site for the lower AD of eBGP.

On central site, because multiple devices are involved, p-t-p links are used to reach remote site prefixes.

On remote site routers, to use p-t-p OSPF links you need to use:

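router bgp your.AS
 ! distance bgp takes external, internal and local values;
 ! external is raised to 120, the other two stay at the default 200
 distance bgp 120 200 200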

On the 2800 rtr you need to configure redistribution of eBGP routes into OSPF and to advertise central site's routes into BGP.

router ospf 10
 redistribute bgp your.ASN route-map selected_routes subnets
!
route-map selected_routes permit 10
 match ip address prefix-list PLmy_own_routes

This is just a proposal under the hypothesis that MPLS links will be the backup / secondary paths.

Hope to help

Giuseppe
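
How the ge/le bounds in the prefix-list from the reply above decide which received routes are accepted, as an added example that is not part of the thread and not Cisco code. It models the prefix-list matching rules in Python; the received prefixes are constructed, and SITE_LIST is a hypothetical list built from the branch LAN quoted in the original post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    prefix: str                 # e.g. "10.10.0.0/16"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: str) -> bool:
        base = ipaddress.ip_network(self.prefix)
        net = ipaddress.ip_network(route)
        if not net.subnet_of(base):          # route must fall inside the entry's prefix
            return False
        if self.ge is None and self.le is None:
            return net.prefixlen == base.prefixlen   # no ge/le: exact length only
        low = self.ge if self.ge is not None else base.prefixlen
        high = self.le if self.le is not None else 32
        return low <= net.prefixlen <= high

def evaluate(entries, route):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in entries:
        if entry.matches(route):
            return entry.action
    return "deny"

def accepted(entries, routes):
    """Routes that would survive an inbound route-map referencing this list."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

# The list from the reply: permit 10.10.0.0/16 ge 24 le 24
REPLY_LIST = [Entry("permit", "10.10.0.0/16", ge=24, le=24)]
# Hypothetical list (assumption): exact match on the branch LAN from the original post
SITE_LIST = [Entry("permit", "172.16.10.0/24")]
# Constructed sample of prefixes received from the provider
RECEIVED = ["10.10.5.0/24", "10.10.0.0/16", "10.10.5.128/25", "10.20.1.0/24",
            "0.0.0.0/0", "172.16.10.0/24", "172.16.10.128/25", "192.0.2.0/24"]

if __name__ == "__main__":
    for name, plist in (("reply list", REPLY_LIST), ("site list", SITE_LIST)):
        print(name, "accepts", accepted(plist, RECEIVED))
```

The 10.10.0.0/16 range in the reply is a stand-in, so with the addressing from the original post nothing from 172.16.x passes until the list is written with the site's own prefixes.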
