Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

BGP question (IBGP)

BGP Question.

I'm trying to build a BGP infrastructure, and running into a couple of questions

Upstream ISP (Full feed) <-> R1 (BGP/ISIS) <-> R2 (ISIS) <-> R3 (ISIS) <-> R4 (ISIS/BGP) <-> Upstream ISP (Full feed)

R1 <-IBGP-> R4, there are no BGP running on R2 and R3, will this setup work ??, when R2/R3 do not know the route other routers than the internal route, between R1 / R2 / R3 / R5, my host is connected to R1, and I want to use routes learned from R4s Upstream ISP

Any good documents on how to build a setup similar to this, where I don't want R2/R3 to know other routes than local routes

Thanks in advance…

/Peter

2 REPLIES
Purple

Re: BGP question (IBGP)

Hi Peter,

Since you don't appear to be running a transit AS and are not running IBGP between R1 and R4,

you can use a couple of approaches:

- configure the ISIS process on both R1 and R4 to inject defaults with the same metric. The result of this will be that your internal routers will pick the closest exit for going out to the internet. But that won't achieve your objective of allowing hosts connected to R1 to go out via R4

- configure R1 to inject a default with a much higher metric than the default from R4

One thing you could do at both R1 and R4 is to use conditional generation of the default so that it will not inject the default if the connection to the ISP has been lost. That will give you some degree of dynamic behaviour for the defaults.

One other alternative is to use policy-based routing on R2, R3 and R4 to get a different split on traffic going out each way. You could then base your routing on source addresses etc/

Hope that helps - pls rate the post if it does.

Paresh

Re: BGP question (IBGP)

Hello,

this setup will work or not work depending on what you would like to have in the end. If you would like to be a transit AS your setup will only work in case R2 and R3 do not perform IP lookups. So you need a tunnel from R1 to R4 or MPLS enabled on all four routers R1 - R4.

If an internal router like R2 or R3 will get IP packets destined for the internet they will not know the destination address and therefore drop the packet.

In case you want to have redundant internet connection from your internal hosts it might work. What you can achieve here is some sort of primary/backup scenario, where your primary BGP router inserts a default route into ISIS unless it is down.

But it would be much easier to rely on two static default routes then and not have the full internet BGP table.

So you need to redesign your network to fully take advantage of your two peerings and also have the choice of using either ISP selectively. The best setup would be to have a direct connection between your BGP routers. Insert a default route into ISIS from both, R1 and R4. As they will have the full internet table they will sort out the best path to the destination. Also make sure you have the proper filters in place to avoid getting networks you would not like to get (like 192.168.1.0/24).

Write a filter to avoid being transit AS between your two ISPs!!! An example configuration for ISP2 being primary and ISP1 being backup would look like this:

interface Ethernet0/1

description to ISP1

ip address 1.4.5.2 255.255.255.252

router bgp 65000

bgp default local-preference 80

network 1.1.0.0 mask 255.255.0.0

neighbor 1.4.5.1 remote-as 1 ! ISP1

neighbor 1.4.5.1 prefix-list NoTrash in

neighbor 1.4.5.1 filter-list 1 out

no auto-summary

ip as-path access-list 1 permit ^$

ip prefix-list NoTrash deny 192.168.0.0/16 le 32

ip prefix-list NoTrash deny 172.16.0.0/12 le 32

ip prefix-list NoTrash deny 10.0.0.0/8 le 32

ip prefix-list NoTrash deny 1.1.0.0/16 le 32

ip prefix-list NoTrash permit 0.0.0.0/0 le 32

ip route 1.1.0.0 255.255.0.0 Null 0 250

R2#

interface Ethernet0/2

description to ISP2

ip address 2.2.2.2 255.255.255.252

router bgp 65000

bgp default local-preference 120

network 1.1.0.0 mask 255.255.0.0

neighbor 2.2.2.1 remote-as 2 ! ISP2

neighbor 2.2.2.1 prefix-list NoTrash in

neighbor 2.2.2.1 filter-list 1 out

no auto-summary

ip as-path access-list 1 permit ^$

ip prefix-list NoTrash deny 192.168.0.0/16 le 32

ip prefix-list NoTrash deny 172.16.0.0/12 le 32

ip prefix-list NoTrash deny 10.0.0.0/8 le 32

ip prefix-list NoTrash deny 1.1.0.0/16 le 32

ip prefix-list NoTrash permit 0.0.0.0/0 le 32

ip route 1.1.0.0 255.255.0.0 Null 0 250

This would only announce the assigned IP addresses (1.1/16) to ISP1 and ISP2, i.e. it prevents that you become transit AS between them. Also all RFC1918 routes are blocked. You could extend this and use the BOGON list for filtering, but this would require more maintainance, because you have to adjust the filters from time to time. For a customer it should be sufficient to block all routes you potentially have internally.

You will have to adjust BGP AS, IP addresses and interface names to your environment.

Hope this helps! Please rate all posts.

Regards, Martin

115
Views
5
Helpful
2
Replies
CreatePlease to create content