We're in the process of moving a large portion of our network to MPLS from GRE/IPSEC VPN. As it stands, I have a 7206 that has about 130 VPN tunnels terminating in it running EIGRP. I just installed a full DS3 terminating in this router and enabled BGP to our ISP. My question is what would be the best way to advertise a default route to my MPLS sites. All sites will gain Internet access from our hub DS3 site. Since our hub router is a VPN router connected directly to the Internet, I've setup policy routing to send traffic over to our firewall that is not within the range of our internal network (VPN router will have all of our network routes in its routing table). Is this the most efficient way of doing it? As to my original question, I was thinking I could set my BGP network statement to net 0.0.0.0 mask 0.0.0.0 and BGP would handle the rest since I have a static default route pointing to our upstream Internet routers. Once traffic arrives at our router from the MPLS network, it will be passed by normal routing to the correct network and anything that doesn't match that will be pushed to our firewalls. I am dumping BGP routes into EIGRP but not vice versa (minimize routes in the MPLS VPN) since this is a hub router for MPLS. The default route will be filtered out of my redistribution b/c it doesn't match my bgp-to-eigrp route-map. Sound right? Is there a better way to do it I'm missing?
Here is a portion of the config:
route-map bgp-to-eigrp permit 10
match ip address 50
route-map MPLS-to-Internet permit 10
match ip address 100
set ip next-hop 10.X.X.3 (firewall)
access-list 50 permit 10.0.0.0 0.255.255.255
access-list 50 permit 220.127.116.11 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
Generally, a default route can be originated from a BGP neighbor in 3 ways:
1. default-information originate + redistribute static (or any dynamic routing protocol having the default route - you may filter only the default route)
2. network command but must make sure the default route is present in the routing table
3. Another way of advertising a default route to a specific BGP neighbor is by issuing the neighbor default-originate command. This method does not require the presence of the 0.0.0.0/0 network in the routing table of the advertising router.
The configuration of the default-information originate command in BGP is similar to the configuration of the network (BGP) command. The default-information originate command, however, requires explicit redistribution of the route 0.0.0.0. The network command requires only that the route 0.0.0.0 is present in the Interior Gateway Protocol (IGP) routing table. For this reason, the network command is preferred.
NOTE If you are using the "default-information originate" the default route must be in the routing table, but if using the "default-originate" in front of a neighbor the default route doesn't need to be in the routing table.
NOTE The only purpose of the "default-information originate" command in BGP is to allow the redistribution of the default route in BGP. The "neighbor default-originate" command on the other hand, does advertise the default route to the specific neighbor whether it is present in BGP or not.
NOTE The default route generated via the default-originate command is kind of considered a special case and is therefore not submitted to the outbound route-map. You have two options if you want to prepend the default route.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
Introduction Basic configuration for netflow Scale parameters for
netflow Netflow support Architecture Packet flow for netflow Inside the
LC CPU Netflow Cache size, maintenance and memory Sample usage Cache
Size Aging Permanent cache Characteristics Which...