BGP Problem

I have a network based on 4 nodes in a ring topology (BK - DL - DH - WH). Two (physically adjacent) nodes (BK and DL) are running BGP (iBGP with each other and eBGP with two nodes from the same ISP). The ISP is advertising a default route only to both peers. Nodes DH and WH are not running BGP, but get their default from BK and DL injecting the BGP default into the IGP.

Networks based at BK and WH are advertised out of BK using the BGP network command. Networks based at DL and DH are advertised out of DL with the BGP network command.

I have configured route maps at BK to change the metric (MED) of the routes advertised to the ISP so that networks closest to BK (BK and WH) get advertised out of BK with a MED of 100 whilst networks closest to DL (DL and DH) get advertised out of BK with a MED of 200. The same goes for adverts from DL.

This means that outgoing traffic leaves via the nearest (to the source) exit point and incoming traffic enters via the nearest (to the dest.) entry point. This is necessary since there is a PIX firewall between the eBGP peers.

I see a problem when we lose the link between BK and WH. WH will see a new default (from DL via DH) but BK will still be advertising WH networks with a better metric (100). This will cause traffic from WH to leave via DL but return via BK. The PIX will drop the return traffic and there is my problem.

I've tried assigning the IGP metrics to the MED value, which works when the internal WAN cct goes down, but when it comes back up the BGP update (caused by the change in IGP route and therefore BGP metric) is suppressed.

What I'm looking for is a clever way of triggering a BGP update when there is a specific IGP topology change.

It's late as I post this and it barely makes sense to me so if anyone needs a diagram, drop me a line.




Re: BGP Problem

One way is going to be with conditional advertisement:

You could simply not advertise the routes connecting to DL out of BK unless the BK to ISP link fails, so traffic will always flow the right direction as long as the other router is still up (which you can actually see through the routing table you're learning from the ISP rather than the internal network).

Another option might be to set your MEDs based on the IGP metric, rather than setting it through a route map. If the IGP metric changes due to a link change, the MED will change as well, and possibly route the traffic to the other entry point. This might be a little more complicated to set up (and make it work right), but it seems possible.
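
An added example, not part of either post: a small Python model of the ring that computes, for each site, the exit its outbound traffic takes (nearest default via the IGP) and the entry the ISP picks (lowest MED), then lists sites whose flows would cross different firewalls. The equal link cost of 10, the function names, and the assumption that routing has fully converged (no update suppression or timers) are illustrative, not taken from the thread.

```python
import heapq

# Ring from the post: BK - DL - DH - WH - BK. Equal link cost 10 is an assumption.
RING = [("BK", "DL"), ("DL", "DH"), ("DH", "WH"), ("WH", "BK")]
EXITS = ("BK", "DL")  # the two eBGP speakers
STATIC_MED = {  # route-map MED per (advertising exit, site whose networks are advertised)
    "BK": {"BK": 100, "WH": 100, "DL": 200, "DH": 200},
    "DL": {"DL": 100, "DH": 100, "BK": 200, "WH": 200},
}

def igp_cost(links, src, cost=10):
    """Dijkstra over the surviving links; returns {node: cost from src}."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist

def paths(site, failed=(), med_from_igp=False):
    """Return (egress exit, ingress exit) for traffic of `site` after convergence."""
    links = [l for l in RING if l not in failed and l[::-1] not in failed]
    dist = igp_cost(links, site)
    reachable = [e for e in EXITS if e in dist]
    egress = min(reachable, key=lambda e: dist[e])   # nearest injected default
    med = (lambda e: dist[e]) if med_from_igp else (lambda e: STATIC_MED[e][site])
    ingress = min(reachable, key=med)                # ISP prefers the lowest MED
    return egress, ingress

def asymmetric_sites(failed=(), med_from_igp=False):
    """Sites whose return traffic enters at a different exit than it left by."""
    return [s for s in ("BK", "DL", "DH", "WH")
            if len(set(paths(s, failed, med_from_igp))) > 1]

if __name__ == "__main__":
    down = (("BK", "WH"),)
    print("static MED, BK-WH down:", asymmetric_sites(down))
    print("IGP-derived MED, BK-WH down:", asymmetric_sites(down, med_from_igp=True))
```

Running the same check for each single-link failure shows which outages a static route map leaves asymmetric, which is the condition a stateful firewall between the eBGP peers will turn into dropped return traffic.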


