Cisco Support Community
New Member

Dynamic BGP Routing

I have a network topology like this:

ISP1----Out1----FW1----In1----In2----FW2----Out2----ISP2

Whenever the Out2----ISP2 link is down, the In2 router will go out thru Out1, and vice versa. How am I going to accomplish that?

Int1 default route to FW1, FW1 default route to Out1

Int2 default route to FW2, FW2 default route to Out2

Int1 and Int2 running OSPF

Out1 and Out2 running BGP with ISP1 and ISP2

Out1 config:

interface FastEthernet0/0
 ! connect to FW1
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1
 ! connect to ISP1
 ip address 198.172.0.1 255.255.255.240
!
router bgp 65000
 bgp log-neighbor-changes
 ! Internal Network
 network x.66.0.0 mask 255.255.224.0
 ! Internal Network
 network x.66.192.0 mask 255.255.224.0
 ! ISP1
 neighbor 198.172.0.2 remote-as 721
 no auto-summary
!
ip classless
! default route to ISP1
ip route 0.0.0.0 0.0.0.0 198.172.0.2
ip route 131.66.0.0 255.255.224.0 10.10.10.2
ip route 131.66.192.0 255.255.224.0 10.10.10.2

I don't want to run any routing protocol on the FW. Is running IBGP between Out1 and Out2 enough?

9 REPLIES
Silver

Re: Dynamic BGP Routing

I don't see any problem with your design. You have all routing protocols you need. However, I don't think you should be configuring default static routes in your OUTn. That's what has to change in case a problem occurs. Normally they should be pointing towards respective ISPs. If ISP1 fails, the default for OUT1 should be OUT2.

Hope this helps.

New Member

Re: Dynamic BGP Routing

Rais,

Thanks for your input. Static routes are the only way now to create the IP routing table outside the FW, and it has worked out fine for 2 years now.

The problem is that whenever an ISP link goes down, I have to advertise my internal network thru the other ISP link, point the internal router's default gateway to the other internal router instead of its FW, and exit from the working ISP link.

Here is my goal: I want the internal router (Int) to detect that the link to the ISP is down, and Int will turn to its closest (or best cost) internal router and exit from there. How do I do that?

Silver

Re: Dynamic BGP Routing

This means that default inside your AS has to be dynamic. I can only think of IBGP on INT routers or redistribution from BGP to OSPF. That default will change only by injecting default from the OUT routers.

Thanks.

New Member

Re: Dynamic BGP Routing

I was thinking about that too. If I go for IBGP on INT routers, I have to do extensive changes since I have tons of Int routers. If I go for the redistribution route, I have to set up OSPF on the outside routers and FW in area 0. That defeats the purpose of a secure network. (Out router is totally out of any IGP.)

Is there a way to set up an IGP neighbor relationship (either OSPF or EIGRP) between the Out router and the Int router even though they are on different networks? This way it will dynamically change the default route when it detects BGP changes?

Silver

Re: Dynamic BGP Routing

For IBGP, you just have to open some ports in the FW. For OSPF, you will be needing a GRE tunnel thru your FW.

Rais.

New Member

Re: Dynamic BGP Routing

Rais,

Could you explain the last sentence more clearly? It might be a good idea.

Silver

Re: Dynamic BGP Routing

The Next-Hop can be provided using static routes and redist-ing them to OSPF. Alternatively, you can passive the interface. BTW, GRE can be useful even with BGP.

Rais.

Silver

Re: Dynamic BGP Routing

BGP configuration rules require all BGP speakers in an AS (your two outside routers at this point) to be IBGP peers. You can run BGP through firewalls, even with NAT if you are careful (see chapter 9 of my book High Availability Networking with Cisco, for some extreme examples).

The "standard" approach to a setup like yours is to also set up IBGP peering to a few routers inside the firewalls which would then inject an appropriate default route into your routing protocol to direct traffic to the appropriate firewall/outside router. There are multiple examples in Halabi's Internet Routing Architectures book, another must-have book for anyone doing a non-trivial BGP configuration (and yours definitely qualifies as non-trivial).

Unfortunately, there is no "cookbook" solution because you will need to make some hard tradeoffs between availability, load sharing, and cost/complexity and you only get to optimize two of the three.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com
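
The approach described in the post above, for the Out1/Int1 side: IBGP from Out1 through FW1 to an inside router, which originates a default into OSPF only while ISP1 supplies one. This is an added example, not part of the original thread or any poster's configuration; Int2/Out2 would mirror it. The inside addresses, OSPF process number, prefix-list name and password are constructed placeholders, and ISP1 is assumed to send a default route over eBGP.

```cisco
! Added example, not from the thread. Constructed values: FW1 inside 192.0.2.1,
! Int1 192.0.2.2, OSPF process 1, EXAMPLE-SECRET. FW1 is assumed to route
! (no NAT) and to permit TCP/179 between 10.10.10.1 and 192.0.2.2 only.
!
! ----- Out1: additions to the posted config -----
ip route 192.0.2.2 255.255.255.255 10.10.10.2
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
router bgp 65000
 neighbor 192.0.2.2 remote-as 65000
 neighbor 192.0.2.2 password EXAMPLE-SECRET
 neighbor 192.0.2.2 next-hop-self
 ! Send the inside peer nothing but the default learned from ISP1
 neighbor 192.0.2.2 prefix-list DEFAULT-ONLY out
!
! Assumes ISP1 advertises 0.0.0.0/0 over eBGP; the static default would
! otherwise stay installed after the BGP session to ISP1 is lost.
no ip route 0.0.0.0 0.0.0.0 198.172.0.2
!
! ----- Int1: inside router behind FW1 -----
ip route 10.10.10.1 255.255.255.255 192.0.2.1
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
router bgp 65000
 bgp log-neighbor-changes
 neighbor 10.10.10.1 remote-as 65000
 neighbor 10.10.10.1 password EXAMPLE-SECRET
 ! Accept only the default; no other outside prefix enters the inside table
 neighbor 10.10.10.1 prefix-list DEFAULT-ONLY in
 ! IBGP distance 100 so Int1's own default beats the OSPF (110) one from Int2
 distance bgp 20 100 200
!
router ospf 1
 ! No "always": originated only while a non-OSPF default is in the routing table
 default-information originate metric-type 1
!
! Replace the static default to FW1 with the BGP-learned one
no ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

When ISP1 stops advertising the default, Int1 loses its BGP default, stops originating into OSPF, and follows the type-1 external default from Int2; the firewalls still run no routing protocol and only pass the single TCP/179 session.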

New Member

Re: Dynamic BGP Routing

Thanks for your input, Vincent. Security is definitely my primary concern. That's why I am not running any routing protocol on the outside routers to keep them separate from the inside routers.

I will definitely check out Halabi's book and your book and see what other options I have without traumatizing my network.
