help reqd in private BGP

Hi all,

I need some info on the given scenario (private BGP).

The customer has 2 corporate offices, one at location A and a second one at location B.

At Loc A he has IBW with one SP and at Loc B with some other SP.

He has interlinks between his 2 locations, i.e., Loc A and B.

So using that link he wants to have redundant Internet connectivity.

Regarding the SP setup, all the IBW are configured on the core routers, and the customer links are connected to another edge router on both SPs.

The core routers are running BGP (both I and E), but the edge routers aren't at this moment.

To create PBGP we are planning to run PBGP on the router where the customer is connected to both SPs.

What steps should be followed to design a robust, reliable config so that it can serve the purpose for which it's configured?

Regards,

prem

19 REPLIES
Gold

Re: help reqd in private BGP

It seems like you shouldn't need BGP between the two sites in this case, if I understand what you are trying to do, and how the network is set up. I would just send a default from each edge conditioned on the connection to the ISP--one way to do this would be to receive a default from each ISP, and redistribute it out to the IGP being used in the network. Another way would be to create a static pointing to the interface which connects to the ISP (given it's not a broadcast network of some type--static defaults pointing to broadcast networks, like ethernet, are not a good thing), and then redistribute that static into the IGP being used.

Russ.W

Re: help reqd in private BGP

Hi Russ,

We are not insisting that the customer run PBGP; it's the other way around. The main reason given to us is redundancy via both sides. They have 1Mb on both sides, so to have a proper backup they are going for the same.

Both SPs are running OSPF between their core and the edge where the customer is connected.

Through OSPF I am getting the default route on the edge routers, so I don't think we need to send the routing info to the customer. Better to point a default route towards one SP and one with a metric pointing at their interlink.

My point of concern here is that at location A he's using ISP A and at location B he's using ISP B.

For ISP A, ISP B is the upstream provider.

At location B he's using ISP B's address space and at location A ISP A's. My question here is how I can advertise ISP B's address block, which is at their location B, to ISP B here at location A? Can it be done like that? I don't have any problems on the other side since I am going to advertise ISP A's block to ISP B at Loc B.

prem

New Member

Re: help reqd in private BGP

Some questions please:

Do you NAT private addresses to the ISP address blocks?

Do you have unsynced firewalls at Sites A and B?

If so, please provide more details of the topology.

Thanks

Ian

Re: help reqd in private BGP

Hi,

BTW, I have the following H/W config at the customer end. Please suggest whether it will be able to run BGP accepting only the default route.

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-K8SY7-M), Version 12.2(4)T3, RELEASE SOFTWARE (fc3)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Sun 10-Feb-02 02:32 by ccai

Image text-base: 0x800080E0, data-base: 0x80C09924

ROM: System Bootstrap, Version 12.2(1r)XE1, RELEASE SOFTWARE (fc1)

Hutch-Internet uptime is 7 weeks, 2 days, 18 hours, 45 minutes

System returned to ROM by power-on

System image file is "flash:c1700-k8sy7-mz.122-4.T3.bin"

cisco 1751 (MPC860P) processor (revision 0x600) with 24576K/8192K bytes of memory.

Processor board ID JAD06220FNZ (1566080684), with hardware revision 0000

M860 processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

1 FastEthernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

System flash directory:

File Length Name/status

1 6569396 c1700-k8sy7-mz.122-4.T3.bin

[6569460 bytes used, 10207756 available, 16777216 total]

16384K bytes of processor board System flash (Read/Write)

prem

Re: help reqd in private BGP

Hi,

In addition to the above message, find the network diagram at the link below.

http://www.geocities.com/sanjaypremkumar/

New Member

Re: help reqd in private BGP

Hello,

I assume that your PIX at Location B NATs to ISP B's address space, and the PIX at Location A NATs to ISP A's address space. Therefore, sync between the PIX's won't be an issue since the NAT always pulls the traffic back to the originating firewall (symmetric routing).

To get the optimal outgoing AS path, I would run an IBGP mesh between BA BB CA CB and your two ISP routers. The other option is to inject a default at each site, but then Site A will tend to use ISP A and site B ISP B, whereas with the full IBGP mesh, both sites will get the best AS path.

Re: help reqd in private BGP

Hi ipotts,

Thanks for the inputs, but he's already running EIGRP between them for his own use, for load balancing between the interlinks.

How do I point the backup route at location A towards location B through the PIX, if I am not going to run IBGP with them internally?

I couldn't understand the exact logic with the PIX in the picture. With the routers BA, BB and CA, CB sitting behind the PIX and in a private IP scheme, how do I go about this? Can you throw some light on this?

Thanks all for your time and help.

prem

New Member

Re: help reqd in private BGP

Hello,

Do you want the traffic to be balanced between both ISPs (i.e. site A sends to ISP A and ISP B), or do you want a failover scenario where site A always uses ISP A, and site B always uses ISP B? If the local ISP goes down, they use the other ISP.

Re: help reqd in private BGP

Hi,

I need the failover scenario to be implemented with this setup.

prem

New Member

Re: help reqd in private BGP

Is it definite that you can't use IBGP, even to inject a default route?

If this is correct, since the PIX only supports RIP in passive mode, and EIGRP can't form a neighbor with a router on a different subnet (i.e. EIGRP updates between your external ISP router and your internal CA, CB routers), and without IBGP, the only option I see is to run RIPv2 between the ISP router and the internal CA, CB routers to inject the default. This will require no validate-update-source under router rip, and rip neighbor statements to get unicast RIP. At CA, CB this RIP route can be redistributed into EIGRP, and if the cost of the interlinks is high enough site A should use ISP A unless ISP A goes down. This is a bit messy, but without IBGP, I am struggling for other options for a dynamic failover.

Re: help reqd in private BGP

Hi,

That's not definite. To have a clear idea, as you said, I can better choose IBGP to run between the Internet and CA, CB routers. Should I have to run IBGP with CA, CB and BA, BB though he's running EIGRP between them already?

Please clarify this point.

BTW, I have already started preparing the config templates for the routers without IBGP between CA, CB and BA, BB. I will post them (for vetting) once I finish them off.

prem

Re: help reqd in private BGP

Hi,

In addition to that, I have posted (at the link pasted below) the sample IP schemes used by the customer at present.

http://www.geocities.com/sanjaypremkumar/

prem

New Member

Re: help reqd in private BGP

To get dynamic failover you need to run a routing protocol over the PIXes. The only routing protocols that I know of which can pass information between interfaces on different subnets are IBGP, IGRP or RIPv2. I would recommend IBGP, since it is designed for this type of multihop application, whereas with IGRP and RIP it is more a case of squeezing a routing protocol to fit a need.

Ideally you would create another transit on the external side of the PIXes so that an IBGP default pulls the traffic to this external transit, then full EBGP tables provide the best exit. However, without this external transit, I wouldn't run a full routing table in EBGP but a default in IBGP since a loop could form.

Re: help reqd in private BGP

Hi potts,

I need some clarification again on the config. Can I NAT both the CA, CB and BA, BB to a public IP address on the PIX so that I can put a secondary route on the router towards this IP, with one primary default towards the Internet service provider? Are there any config constraints involved in this?

Will this work like this?

I am planning to run IBGP between CA-CB, CA-Internet router, and CB-Internet router. What are the steps to be taken into consideration, mostly security-related issues, while doing so? Can I have all your inputs on this too?

prem

New Member

Re: help reqd in private BGP

Hello,

It is up to you whether you NAT the CA,CB,BA,BB IBGP peer addresses. Some would argue it is more secure to NAT them to a public address space, and some would argue against it. Personally to avoid confusion I wouldn't NAT them.

For IBGP security I would use access-groups to only allow the IBGP and EIGRP control plane traffic you expect along with the data traffic you expect. I would also use MD5 on the IBGP peers.

Regards

Ian
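
The two controls recommended in the reply above (MD5 on the IBGP peers, and ACLs that admit only the expected control-plane traffic) can be checked mechanically against a router config. The following is an added example, not code or configuration from the thread: the addresses, AS numbers, ACL number and the `audit_ibgp` helper are all assumptions made for illustration.

```python
import re

# Constructed IOS fragment (documentation addresses, private ASN, placeholder secret).
SAMPLE_CONFIG = """\
router bgp 65001
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 password PLACEHOLDER-SECRET
 neighbor 192.0.2.2 remote-as 65001
 neighbor 198.51.100.1 remote-as 65010
!
access-list 110 permit tcp host 192.0.2.1 host 192.0.2.10 eq bgp
access-list 110 permit tcp host 192.0.2.1 eq bgp host 192.0.2.10
access-list 110 permit eigrp host 192.0.2.1 any
access-list 110 permit tcp any any eq bgp
"""

def audit_ibgp(config):
    """Hypothetical helper: return sorted (subject, finding) tuples."""
    local_as = None
    remote_as, has_md5, acl_peers, findings = {}, set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            local_as = m.group(1)
            continue
        m = re.match(r"neighbor (\S+) remote-as (\d+)$", line)
        if m:
            remote_as[m.group(1)] = m.group(2)
            continue
        m = re.match(r"neighbor (\S+) password ", line)
        if m:
            has_md5.add(m.group(1))
            continue
        m = re.match(r"access-list (\d+) permit tcp (.+)$", line)
        if m and re.search(r"\beq (bgp|179)\b", m.group(2)):
            src = re.match(r"host (\S+)", m.group(2))
            if src:
                acl_peers.add(src.group(1))  # BGP allowed from one named peer
            else:
                findings.append(("acl " + m.group(1), "BGP permitted from non-host source"))
    for peer, asn in remote_as.items():
        if asn != local_as:
            continue  # only iBGP peers (same AS as the local router) are checked
        if peer not in has_md5:
            findings.append((peer, "iBGP peer without MD5 password"))
        if peer not in acl_peers:
            findings.append((peer, "iBGP peer not named in any ACL entry"))
    return sorted(findings)
```

When the peering crosses a PIX, as in this thread, the firewall must pass TCP option 19 and leave TCP sequence numbers unmodified, otherwise the MD5 check on the session fails.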

Re: help reqd in private BGP

Hi,

A few more queries on the same. In my earlier mail I mentioned NATting the IP address of CA, CB.

How will the router forward the traffic towards the NATted IP back to the PIX? Will that work?

All the PCs will have the PIX's inside as the default gateway, and the PIX's outside interface is in turn in sync with the Internet router's Ethernet. So traffic that comes to the PIX inside will be NATted out with the outside interface IP to the outside world. This will be the normal condition.

Once the Internet link goes down, again all my traffic will go to the PIX and the PIX will do the same routine job. If our logic works, that is, the Internet router sends the traffic back to the router connected to the interoffice links, how will the packet come from the Internet router back to the PIX?

2. How can the interoffice link failure be detected by the Internet routers? Is there any mechanism by which we can detect that?

prem

New Member

Re: help reqd in private BGP

Please find below a repeat of your questions with my responses.

A few more queries on the same. In my earlier mail I mentioned NATting the IP address of CA, CB.

How will the router forward the traffic towards the NATted IP back to the PIX? Will that work?

>> I would advertise the NAT address from CA,CB in IBGP to the external ISP router.

All the PCs will have the PIX's inside as the default gateway, and the PIX's outside interface is in turn in sync with the Internet router's Ethernet. So traffic that comes to the PIX inside will be NATted out with the outside interface IP to the outside world. This will be the normal condition.

Once the Internet link goes down, again all my traffic will go to the PIX and the PIX will do the same routine job. If our logic works, that is, the Internet router sends the traffic back to the router connected to the interoffice links, how will the packet come from the Internet router back to the PIX?

>> You should have a layer 3 connection between the PCs and the PIXs to allow the default route to swing the traffic over to the other site if the local ISP goes down. They will then be sent out with the NAT address of the other site.

2. How can the interoffice link failure be detected by the Internet routers? Is there any mechanism by which we can detect that?

>> For outbound traffic this is not required. For inbound traffic (i.e. to local web servers) there will be no inter-site failover. Which do you require, inbound or outbound failover? I had assumed outbound (e.g. for browsing from your customer site).

Re: help reqd in private BGP

Hi,

I am sending only a default route from my core backbone to my peer edge router where this customer is connected. From my peer edge I am again sending the default to the customer.

I will run IBGP between my BB and peer edge, and EBGP between my peer edge and the customer.

Right now both my BB and peer edge are in OSPF, and my peer edge router is getting the default information from my BB. Do I need to configure IBGP to send the default route from my BB to the peer edge using a prefix list, or shall it be left as it is?

From my peer edge I am again planning to use a prefix list to send the default route to the customer. Are there any other options which can be more effective than a prefix list to send the default route? What routes will need to be configured at the customer site, though he will agree to settle for the default route due to H/W restrictions?

Current Scenario: http://www.geocities.com/sanjaypremkumar/ (to make use of the new link which is being taken out from the inside network)

Regards,

prem
