I'm new to the whole MPLS setup. I'm trying to connect remote sites using BGP on the provider's side and OSPF on our side.
I receive lots of routes from the Service Provider. Is there a way to block these routes at the MPLS router without an ACL?
So if I understand you correctly, you are using OSPF to receive routes from the SP, right?
Are the routes you received routes from your remote sites only? If so, why would you want to block them?
Is this an L3VPN (MPLS VPN) service that you are buying from your SP? If so, the only routes you should receive locally are the ones you have advertised at the remote sites and vice versa. Can you further explain your setup?
This is the config provided by service-provider
ip address 172.16.1.241 255.255.255.252
ip verify unicast source reachable-via rx 100
no ip redirects
no ip unreachables
no ip proxy-arp
no cdp enable
router bgp 3412
redistribute ospf 50
neighbor 172.16.1.242 remote-as 45000
My internal Networks are
Remote site I have
When I do show ip route I see so many routes with different IP ranges coming from the Service Provider... (If I stop the MPLS connection it doesn't appear.)
If the service you are buying from the SP is L3VPN (MPLS VPN), you should only be receiving routes from your sites. The behavior you are seeing doesn't appear to be correct. There is not much you can do about it by yourself. You definitely want to talk to your SP about it.
I agree with Harold that you should be receiving only what you are sending and you should ask them to stop sending you any routes that you have not requested if they are doing such a thing.
Still, I see that you are running BGP with the provider and you have redistributed OSPF into it (and connected). You might have many smaller subnets in your OSPF network and redistributing them directly into BGP might be causing this issue. Are the networks that you are seeing relevant to your network addressing scheme or not? And how many are they compared to what you expected?
In any case, if your addressing plan is as simple as you described with distinct ranges at each site, you might consider avoiding redistribution into BGP and inject only those networks in BGP using the "network" command (a high AD static to null 0 might be needed as well). Please let us know if you need any assistance on accomplishing this.
Please realize first that this change I suggest can be an intrusive operation. I do not expect any serious downtime, but sometimes the meaning of "serious" depends on the services one runs and other times downtime lasts longer due to unforeseen technical difficulties.
If I haven't scared you enough by now, please make sure the below addresses that you posted previously are the only blocks you have:
Local site: 192.168.1.0/24, 10.1.1.0/24
Remote site: 192.168.150.0/24
If this is correct, then:
router bgp 3412
network 192.168.1.0 mask 255.255.255.0
network 10.1.1.0 mask 255.255.255.0
ip route 192.168.1.0 255.255.255.0 null0 254
ip route 10.1.1.0 255.255.255.0 null0 254
Remote site:
router bgp 3412
network 192.168.150.0 mask 255.255.255.0
ip route 192.168.150.0 255.255.255.0 null0 254
After you do this, confirm that both endpoints are receiving the corresponding remote routes with the correct masks (sh ip bgp
p.s. I will try to check this thread regularly in case you need anything else.
Also, please let us know about the outcome and any issues you encountered. It is always useful to know this type of information for future reference.
Route-filtering is a good suggestion in general, especially if the provider is sending irrelevant routes. Still, even in this case, the provider should stop doing this (not only because it is not necessary, but also because it could indicate that the security of the L3 MPLS VPN solution is at risk).
We can move to future protective measures after the routing between sites is confirmed, to make it easier to troubleshoot any unexpected issues. We do not have an answer yet about who is causing this: the customer side redistribution only or the provider as well? If the injection of routes is performed using network command only, then we will know if provider does send anything else not required because the customer routes will be only 3.
Also note that the procedure I suggested is the safest way to go. First propagate the BGP network command injected routes and then remove the redistribution. This will cause minimal disruption if any at all. This procedure can cause routing issues only if there are additional networks that have not been mentioned or the addressing scheme is not exactly the one that was reported (any unmentioned networks will become unreachable from the one site to the other). And of course there can always be "unforeseen technical difficulties" such as bugs or anything else.
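Added example, not part of the original thread: a check for the confirmation step described above that parses `show ip bgp` output and reports any prefix outside the three networks listed in the thread, plus any of the three that is missing. The sample output, the extra prefixes and AS numbers 64512/64513 in it are constructed; the parser assumes the classic IOS table layout, where a prefix on its classful boundary is printed without a mask.

```python
import ipaddress
import re

# The three customer prefixes named in the thread (two local, one remote).
EXPECTED = {ipaddress.ip_network(p) for p in
            ("192.168.1.0/24", "10.1.1.0/24", "192.168.150.0/24")}

# Constructed sample of "show ip bgp" output (not captured from a real device).
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 192.168.1.0      0.0.0.0                  0         32768 i
*> 192.168.150.0    172.16.1.242                           0 45000 45000 i
*> 172.20.8.0/22    172.16.1.242                           0 45000 64512 i
*> 10.99.0.0/16     172.16.1.242                           0 45000 64513 i
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Status codes, network (mask optional), next hop. Header lines and
# continuation lines that carry no network column do not match.
ROUTE = re.compile(rf"^[*sdhr][> i]*\s*({IP})(?:/(\d{{1,2}}))?\s+({IP})")


def classful_len(addr):
    """Prefix length implied when the table prints a network without a mask."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def audit(show_ip_bgp, expected=EXPECTED):
    """Return (unexpected, missing).

    unexpected: [(prefix, next_hop)] present in the table but not in the plan.
    missing:    [prefix] in the plan but absent from the table.
    """
    seen = {}
    for line in show_ip_bgp.splitlines():
        m = ROUTE.match(line)
        if not m:
            continue
        net, plen, next_hop = m.groups()
        prefix = ipaddress.ip_network(f"{net}/{plen or classful_len(net)}")
        seen[prefix] = next_hop
    unexpected = [(str(p), seen[p]) for p in sorted(set(seen) - expected)]
    missing = [str(p) for p in sorted(expected - set(seen))]
    return unexpected, missing


if __name__ == "__main__":
    extra, absent = audit(SAMPLE)
    print("unexpected:", extra)
    print("missing:", absent)
```

Once only the `network` statements inject routes, any entry in `unexpected` whose next hop is the provider neighbor was sent by the provider rather than created by customer-side redistribution.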
The provider only should redistribute, or actually redistributed, into BGP. Why does the customer have to do this in his router since he was running OSPF with the provider?
There has been a misunderstanding at the beginning. Although Harold asked about the protocols, there was no clear answer until the configuration was posted. This configuration cannot possibly be the provider-side BGP configuration (no vrf forwarding on the interface, no ipv4 vrf address-family in the BGP process, and there is a remote BGP peer that doesn't apply when OSPF is used as the PE-CE routing protocol), but is rather on the customer side, and it has been given to the customer by the provider to help set up the customer side.
The customer uses OSPF as an IGP and uses BGP to connect to the service provider. To advertise networks between sites, the customer uses redistribution of connected and OSPF into BGP and passes the routes to the provider via BGP.