Cisco Support Community
New Member

BGP Help

Hello,

Our HQ is connected to the branch office with a point-to-point connection but will soon use a service provider MPLS cloud.

At HQ we use the OSPF routing protocol on the LAN, and BGP will be used for MPLS.

On the router which terminates the service provider connection for MPLS, do I need redistribution of OSPF into BGP and vice versa?

21 REPLIES
Cisco Employee

Re: BGP Help

Hi,

Does your MPLS service provider require you to run BGP towards him? If yes, then obviously, you will have to perform two-way redistribution between BGP and OSPF.

Best regards,

Peter

Hall of Fame Super Silver

Re: BGP Help

Hello Peter,

I would use network commands under BGP for the main site IP subnets, if possible, to avoid mutual redistribution.

Hope to help

Giuseppe

Cisco Employee

Re: BGP Help

Giuseppe,

Yes, of course, you are right. Redistribution into BGP does have some not-so-positive properties. Thank you!

If the IP subnets on the main site are summarizable, I would suggest creating a static summary route pointing to Null0 (effectively, a discard route) and then including just that one into the BGP using the network command.

Best regards,

Peter

New Member

Re: BGP Help

Hi,

Configuration from Service Provider

interface Ethernet0/0.99
 encapsulation dot1Q 99
 ip address 172.17.17.254 255.255.255.252
 no shutdown
router bgp 99
 neighbor 172.17.17.253 remote-as 1000
 no auto-summary

MPLS Router connects to my backbone as a VLAN

interface fa 0/1
 ip address 192.168.100.254 255.255.255.252
router ospf 50
 network 192.168.100.254 0.0.0.0 area 0

Can I get help on how to do redistribution of OSPF into BGP and vice versa?

I have noticed different ways of adding networks under the OSPF process. Is my config correct?

Cisco Employee

Re: BGP Help

Hi Amin,

Your present configuration of the OSPF is OK.

To redistribute BGP routes into OSPF, use:

router ospf 50
 redistribute bgp 99 subnets metric-type 1

As Giuseppe has correctly pointed out earlier, while it is a workable solution to redistribute OSPF into BGP, it is not the most elegant one. A better solution is to individually include the required OSPF networks into the BGP process using the "network" command. Assuming that the OSPF will populate your routing table with networks 192.0.2.0/26 and 192.0.2.64/27, you would write:

router bgp 99
 network 192.0.2.0 mask 255.255.255.192
 network 192.0.2.64 mask 255.255.255.224

If all your networks in the HQ site are summarizable, say, by the network 192.0.2.0/24, then I suggest this approach:

ip route 192.0.2.0 255.255.255.0 null0
router bgp 99
 network 192.0.2.0

The advantage of this approach is that you effectively announce only a summary route in BGP and that the advertised route is stable - it does not flap, thereby reducing the BGP churn.

Best regards,

Peter

New Member

Re: BGP Help

Thank you for the explanation.

Why have you added metric-type 1 while redistributing BGP into OSPF?

Do I need to use a Router ID under OSPF? If so, what ID should be used?

I don't have a summarized network; some networks are used on remote sites. So how do I redistribute OSPF into BGP?

When I do mutual redistribution I would also get service provider routes. How do I avoid this?

Cisco Employee

Re: BGP Help

Hello,

1.) Regarding the 'metric-type 1': the OSPF external (i.e. redistributed) routes are of two types. The Type 2 (OE2) external route has a constant metric set in the moment of redistribution which is not increased anymore as the route is propagated throughout an OSPF domain. The Type 1 (OE1) external route has a starting metric set in the moment of redistribution which is then increased as any other network announced in OSPF. My personal opinion was that the Type 1 metric here would be more appropriate but I admit it was more aesthetical than technical. In your particular network topology, using Type 1 or Type 2 external route does not make a difference.

2.) You do not need to set a Router ID in the OSPF statically, the OSPF will pick a Router ID automatically when it first starts. By default, the OSPF takes the highest IP address among the loopback interfaces as its Router ID. If there are no loopback interfaces, then the highest IP address among all interfaces will be taken as a Router ID. Still, it is a best practice to set up the Router ID in OSPF manually to ensure that it remains constant. The Router ID can be any number that is unique within the OSPF domain. Very often, the loopback IP address is just duplicated in the router-id command and that is also what I recommend.

3.) The quick and dirty method of redistributing OSPF into BGP is simply to write

router bgp 99
 redistribute ospf 50

But as Giuseppe has recommended, this is not such a good way to go. As I have indicated in my previous response, if you do not have too many routes in your HQ site, include them network by network in the router bgp configuration, like:

router bgp 99
 network 192.0.2.0 mask 255.255.255.192
 network 192.0.2.64 mask 255.255.255.224
 network ...
 network ...
 network ...

Of course, if there are too many networks, this is not a way to go. How many networks do you expect to have in your OSPF?

Best regards,

Peter

New Member

Re: BGP Help

Thanks.

We have 65 VLANs and need only 15 VLANs to be seen at the branch office.

I still don't get how to block the service provider networks at my MPLS router and accept only the branch office networks.

Cisco Employee

Re: BGP Help

Hi,

I do not believe that your provider will announce all his networks to you via BGP. I think that the BGP will be used only to convey information about the networks at the central office and at the branches. That's how it is usually used in MPLS L3 VPNs. Ask your provider if this is the case. If yes, you don't need to bother about filtering networks in your BGP.

Best regards,

Peter

New Member

Re: BGP Help

Thank You Peter.

A neighboring office has a similar setup and is facing a heavy routes issue from the service provider. Can you advise how to filter networks from BGP to OSPF and vice versa?

That's the reason I am considering filtering networks from the start.

Hall of Fame Super Silver

Re: BGP Help

Hello Amin,

Contact your service provider: if this is an MPLS L3 VPN, you shouldn't see unnecessary routes not related to your topology.

They may have made an error joining your VPN with somebody else's or putting your eBGP sessions in the global routing table.

To protect your devices from receiving unwanted routes you can use route filters like

router bgp your.ASN
 neighbor isp-pe-address route-map myroutes in
route-map myroutes permit 10
 match ip address prefix-list expected_routes
ip prefix-list expected_routes permit 10.10.10.0/24

and other lines can follow as needed.

But again, this route leaking is a fault on the provider side.

Hope to help

Giuseppe

New Member

Re: BGP Help

Thank You.

Will I have issues allowing subnetted networks using ip prefix-list?

Hall of Fame Super Silver

Re: BGP Help

Hello Amin,

With a prefix list you can handle subnetted networks as well.

If, for example, all your networks are in net 10/8 and have subnet masks between 24 and 26:

ip prefix-list mynets permit 10.0.0.0/8 ge 24 le 26

This is the advantage of a prefix list over a standard ACL (there is a trick for using extended ACLs for this, but prefix lists are the right tool now).

Or you can simply list all the expected networks one per line without any le or ge parameters.

Hope to help

Giuseppe
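The ge/le length range and the first-match, implicit-deny behaviour of a prefix list can be checked offline before the filter is applied to the provider-facing neighbor. The following is an added example, not code from any poster in this thread: it models the matching rules in Python, the received prefixes are constructed sample data, and the two filters from the thread are assumed to be merged under the single name expected_routes without seq numbers.

```python
import ipaddress

# The thread's two filters, with the /8 prefix written out in full.
PREFIX_LIST = [
    "ip prefix-list expected_routes permit 10.10.10.0/24",
    "ip prefix-list expected_routes permit 10.0.0.0/8 ge 24 le 26",
]
# Constructed sample of prefixes received from the provider edge router.
RECEIVED = ["10.10.10.0/24", "10.1.2.64/26", "10.1.2.128/27",
            "10.0.0.0/8", "192.0.2.0/24", "0.0.0.0/0"]


def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny PREFIX/LEN [ge N] [le N]'."""
    tok = line.split()
    action, net = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if not opts:                       # no ge/le: exact prefix length only
        lo = hi = net.prefixlen
    else:                              # ge alone runs to /32, le alone starts at LEN
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return action, net, lo, hi


def evaluate(entries, route):
    """First matching entry decides; an unmatched route hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"


def filter_routes(prefix_list, routes):
    """Return {route: 'permit' | 'deny'} for every received route."""
    entries = [parse_entry(line) for line in prefix_list]
    return {route: evaluate(entries, route) for route in routes}


if __name__ == "__main__":
    for route, verdict in filter_routes(PREFIX_LIST, RECEIVED).items():
        print(f"{route:18} {verdict}")
```

The /27, the bare /8, the default route and the unrelated 192.0.2.0/24 all fall through to the implicit deny, which is the behaviour wanted from an inbound filter on the provider session.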

New Member

Re: BGP Help

Thanks Giuseppe.

Networks on core:

172.17.1.0
172.33.1.0
172.16.5.0

Is it recommended to have something like

router ospf
 network 172.0.0.0 0.0.255.255 area 0

or to add all networks defined on the core one by one?

What is the benefit of the following command?

network 0.0.0.0 255.255.255.255 area 0

Cisco Employee

Re: BGP Help

Hello,

Writing "network 0.0.0.0 0.0.0.0 area 0" in OSPF configuration will include all directly connected interfaces into OSPF area 0. It is a cheat trick to quickly include all configured interfaces - present and future - into a routing protocol.

That being said, I would never use this in a production network. It is far too dangerous - it runs OSPF on all interfaces including those which you perhaps don't want to advertise and which may not be well secured.

Regarding the "network" command - personally, in a production network, I think it is better to be more specific than less specific.

Best regards,

Peter

Hall of Fame Super Silver

Re: BGP Help

Hello Amin,

Like Peter, I see many possible disadvantages in using a command like

network 0.0.0.0 255.255.255.255 area 0

Sooner or later you may want to move to a multi-area OSPF design.

A command like that is like a permit any any in an ACL.

network area commands can be seen as ACL statements where the order of commands matters.

So if you later add a command like

network 10.10.10.0 0.0.0.255 area 1

it would not be effective and you would need to remove

network 0.0.0.0 255.255.255.255 area 0

to change the order of commands.

For this reason I would use a network command for each subnet or group of subnets, leaving alone the links to the core, so that you can easily make changes without losing IP connectivity to the device.

Hope to help

Giuseppe

Cisco Employee

Re: BGP Help

Giuseppe,

Just a single correction: if there are overlapping "network" statements in OSPF configuration then the rule of the closest match applies. If you have two interfaces, Fa0/0=10.0.1.1/24 and Fa0/1=10.0.10.10/24, and you configured:

network 10.0.1.0 0.0.0.255 area 0
network 0.0.0.0 0.0.0.0 area 1

then Fa0/0 will be in Area 0, the Fa0/1 will be in Area 1.

Best regards,

Peter

Cisco Employee

Re: BGP Help

Oops, a slight typo: I should have written "network 0.0.0.0 255.255.255.255 area 0"... Sorry.

New Member

Re: BGP Help

Thank You Both Gentlemen

Hall of Fame Super Silver

Re: BGP Help

Hello Peter,

I probably have in mind the OSPF behaviour of some years ago that we experimented with in the lab.

It is possible that this has been changed later, but I never tried again.

Actually, the 12.4 Command Reference

http://www.cisco.com/en/US/partner/docs/ios/iproute/command/reference/irp_osp2.html#wp1013362

says that the most specific statement is used, but there is also the following note:

>>Any individual interface can only be attached to a single area. If the address ranges specified for different areas overlap, the software will adopt the first area in the network command list and ignore the subsequent overlapping portions. In general, we recommend that you configure address ranges that do not overlap in order to avoid inadvertent conflicts.

That is an ACL-like logic: first match out.

Hope to help

Giuseppe

Cisco Employee

Re: BGP Help

Hi Giuseppe,

Thanks again for your kind advice. I have checked the command reference but I must admit that it is not clear to me what it means to "ignore the subsequent overlapping portions". The page is not very clear on this.

Nevertheless, I gave it a try right now. No matter which order of "network" commands I used, the router always took the most specific match.

But this all is just an implementation issue... The bottom line is that using overlapping network statements is a Bad Thing (TM) :)

Best regards,

Peter
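A configuration audit can flag both problems raised in this thread: "network" statements whose result depends on whether the router applies first match or most specific match, and interfaces that only run OSPF because of a catch-all statement. The following is an added example, not code from any poster: it models both debated rules without asserting which one a given IOS release uses, the interface addresses for Ethernet0/0.99 and FastEthernet0/1 are taken from the thread, and Vlan10 is a constructed interface.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse(stmt):
    """Parse 'network ADDR WILDCARD area N' into (addr_int, wildcard_int, area)."""
    _, addr, wild, _, area = stmt.split()
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild)), area


def assign(statements, interfaces, rule):
    """Map each interface to an OSPF area, or None if OSPF is not enabled on it."""
    parsed = [parse(s) for s in statements]
    if rule == "most-specific":        # fewest wildcard bits first (stable sort)
        parsed.sort(key=lambda s: bin(s[1]).count("1"))
    result = {}
    for name, ip in interfaces.items():
        ip_int = int(ipaddress.IPv4Address(ip))
        result[name] = next((area for addr, wild, area in parsed
                             if (ip_int ^ addr) & ~wild & ALL_ONES == 0), None)
    return result


def audit(statements, interfaces):
    """Report order-dependent interfaces and those enabled only by a catch-all."""
    first = assign(statements, interfaces, "first-match")
    best = assign(statements, interfaces, "most-specific")
    specific = [s for s in statements if parse(s)[1] != ALL_ONES]
    narrow = assign(specific, interfaces, "most-specific")
    return {
        "order_dependent": sorted(n for n in interfaces if first[n] != best[n]),
        "only_catch_all": sorted(n for n in interfaces
                                 if best[n] is not None and narrow[n] is None),
    }


# Provider-facing and backbone addresses are from the thread; Vlan10 is constructed.
INTERFACES = {"Ethernet0/0.99": "172.17.17.254",
              "FastEthernet0/1": "192.168.100.254",
              "Vlan10": "10.10.10.1"}
BROAD = ["network 0.0.0.0 255.255.255.255 area 0",
         "network 10.10.10.0 0.0.0.255 area 1"]
NARROW = ["network 192.168.100.254 0.0.0.0 area 0"]

if __name__ == "__main__":
    print(audit(BROAD, INTERFACES))
    print(audit(NARROW, INTERFACES))
```

With the broad configuration the provider-facing subinterface Ethernet0/0.99 appears under only_catch_all, meaning OSPF would run toward the service provider; with the specific statement it is not enabled there at all.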
