We have a customer who is using our MPLS cloud for data transfer and has a backup via internet. The PE to CE is BGP and the backup is using OSPF as routing protocol. Whenever the access circuit goes down at one of the sites (say Site A), the backup kicks in and the site is able to access the servers at HO via OSPF. However, the other sites lose reachability to this site (Site A) and we need to manually advertise the subnets of Site A in BGP at HO so that other sites can reach Site A. Now we want to make this automated to avoid manual intervention and make operations smoother.
Can anyone suggest the mechanism? Can we use the BGP conditional advertisement feature, i.e. advertise-map and non-exist-map? If yes, then how do we utilize this feature?
Conditional advertisement could be an option.
From my understanding, if the main link over BGP between your network and their HQ goes down, your network will receive the HQ routes through the other link using OSPF, but this does not get advertised to other sites using BGP!
If this is the case, as I said, conditional advertisement could be an option.
Let's say the HQ is advertising 10.1.1.0/24. The problem with conditional advertisement is that you need your BGP to watch whether a route exists or not. If you can, let them add a dummy network (loopback), let's say with IP 184.108.40.206/32, and advertise it to you through BGP only.
If this BGP peering goes down, this route will disappear and you can advertise the other network, in this example 10.1.1.0,
under your PE router connected to the other sites:
router bgp xx
 network 10.1.1.0 mask 255.255.255.0
 neighbor x.x.x.x advertise-map adver non-exist-map exist
where x.x.x.x is the remote site that will receive the route advertisement conditionally, and you need to make sure this router receives the routes through BGP or any other routing protocol, in the above example 10.1.1.0
ip prefix-list list1 permit 220.127.116.11/32
ip prefix-list list2 permit 10.1.1.0/24
! exist: the condition route watched in the BGP table
route-map exist permit 10
 match ip address prefix-list list1
! adver: the route advertised while the condition route is absent
route-map adver permit 10
 match ip address prefix-list list2
If helpful, rate.
How can this solution be used at scale? I mean there are around 15 such remote sites and all sites have different subnets. All remote sites connect to HO via MPLS and backup VPN. In the event of MPLS failure, remote sites connect via VPN to HO; however, sites should be reachable to the rest of the sites.
You should verify whether multiple statements like
neighbor x.x.x.x advertise-map adver-siteI non-exist-map exist-siteI
are possible. If so, you should be able to implement it with 15+15 route-maps and ACLs.
If two lines to the same neighbor x.x.x.x are not accepted, this would be a problem.
An alternate way is to advertise the sites' subnets from HQ with less preferred BGP routes. A possible way could be AS path prepending, and it could work
if the ISP accepts the AS path (it can perform AS override or it can remove private AS numbers).
In this case you would redistribute OSPF into BGP and you would add AS path prepending.
(Depending on the primary BGP routes, if they have MED=0 you could play on MED = OSPF metric to build secondary routes at HQ.)
Hope to help
Thanks again. I think the 2nd solution is scalable. Just wanted to check out of curiosity: if we are building the secondary routing table (BGP) on HQ with AS path prepending or redistribution between OSPF and BGP, routes would still be locally sourced on HQ with weight 32768. How will the routing take place in case of a link failure at a remote site?
Yes, the problem with locally originated BGP routes can be seen after restore: the risk is that the HQ does not accept routes coming from the ISP PE.
To overcome this problem I usually force a neigh weight 40000 on the eBGP session to the ISP PE.
In this way, when restore happens and the ISP PE advertises the primary route again, it is preferred over the locally generated route because of its higher weight.
In case of failure of a remote site, the HQ router starts to advertise the missing subnets over the eBGP session with the ISP PE.
I tested this solution and it worked for me.
For this reason I usually suggest verifying not only the network's reaction to failure but also what happens after restore.
Hope to help
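The restore behaviour described in the post above, as an added sketch that is not part of the original thread: a simplified model of the first best-path steps at the HQ router. The 32768 and 40000 weights come from the thread and 0 is the Cisco default weight for learned routes; the path labels, the AS-path length and the assumption that the backup route is still present after restore are illustrative.

```python
from dataclasses import dataclass

LOCAL_WEIGHT = 32768    # weight of locally sourced routes (quoted in the thread)
LEARNED_WEIGHT = 0      # Cisco default weight for routes learned from a neighbor

@dataclass(frozen=True)
class Path:
    source: str                     # label used only in this illustration
    weight: int
    local_pref: int = 100
    locally_originated: bool = False
    as_path_len: int = 0

def best_path(paths):
    """First best-path steps: highest weight, highest local preference,
    locally originated, then shortest AS path."""
    return max(paths, key=lambda p: (p.weight, p.local_pref,
                                     p.locally_originated, -p.as_path_len))

def hq_candidates(phase, neighbor_weight=LEARNED_WEIGHT):
    """Paths the HQ router holds for a remote site's subnet (assumed scenario)."""
    backup = Path("local (redistributed from OSPF)", LOCAL_WEIGHT,
                  locally_originated=True)
    primary = Path("eBGP from ISP PE", neighbor_weight, as_path_len=2)
    if phase == "failure":          # site's MPLS access is down: only the backup exists
        return [backup]
    if phase == "restore":          # PE advertises the primary again, backup still present
        return [backup, primary]
    raise ValueError(f"unknown phase: {phase}")

def hq_selection(phase, neighbor_weight=LEARNED_WEIGHT):
    """Source label of the path the HQ router selects in the given phase."""
    return best_path(hq_candidates(phase, neighbor_weight)).source

if __name__ == "__main__":
    for weight in (LEARNED_WEIGHT, 40000):
        for phase in ("failure", "restore"):
            print(f"neighbor weight {weight:>5}, {phase:<7}: "
                  f"{hq_selection(phase, weight)}")
```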
As I understand (and tested), BGP Conditional Advertising works as described:
1. If a certain BGP prefix exists in the BGP table, advertising is suppressed.
2. If the prefix disappears, the router starts advertising.
I need it the opposite way: when the route exists, I need to advertise ANOTHER route; when the route disappears, I need to withdraw the route from advertising.
In general, we have two sites, interconnected by a Layer 2 link (DWDM). One location has the web host and a router, the other location has just a router. The router Ethernet interfaces are in the same subnet and interconnected by the Layer 2 network. We announce the LAN IP addresses through both routers to the ISP. However, when the Layer 2 connection between the routers goes down, the remote router still advertises the LAN subnet even though the web host is not accessible. So, I need that "remote router" to stop advertising when it cannot access the primary router (which is at the same location as the web host).
Maybe you could use conditional injection instead of conditional advertisement?
Thanks everyone. I got it resolved with TAC assistance. Starting from version 12.2T, IOS has a new keyword "exist-map" which does exactly what I need. With this keyword, if prefix (or other condition) exists in the route-map2, then route-map1 WILL be advertised.
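The two behaviours discussed in this thread (non-exist-map in the earlier replies, exist-map in the last post), as an added model that is not part of the original thread. It goes beyond the single-prefix case by applying one route-map pair per site, and it assumes the router accepts several advertise-map statements for one neighbor, which the thread leaves to be verified; the site subnets other than 10.1.1.0/24 and the 192.0.2.x loopbacks are constructed sample values.

```python
import ipaddress

def present(prefixes, bgp_table):
    """True if any of the prefixes is in the BGP table (exact prefix match)."""
    table = {ipaddress.ip_network(r) for r in bgp_table}
    return any(ipaddress.ip_network(p) in table for p in prefixes)

def conditional_advertise(bgp_table, policies):
    """Return the prefixes sent to the neighbor by the conditional policies.

    Each policy is (advertise_prefixes, condition_prefixes, mode), where mode is
    'non-exist-map' (advertise while the condition is absent) or
    'exist-map' (advertise while the condition is present).
    """
    table = {ipaddress.ip_network(r) for r in bgp_table}
    sent = set()
    for advertise, condition, mode in policies:
        if mode not in ("exist-map", "non-exist-map"):
            raise ValueError(f"unknown mode: {mode}")
        if present(condition, bgp_table) == (mode == "exist-map"):
            # Only prefixes that are themselves in the BGP table can be advertised.
            sent |= {ipaddress.ip_network(p) for p in advertise} & table
    return sorted(str(n) for n in sent)

# Constructed sample: one (subnet, watched loopback) pair per remote site.
SITES = {
    "A": ("10.1.1.0/24", "192.0.2.1/32"),
    "B": ("10.1.2.0/24", "192.0.2.2/32"),
    "C": ("10.1.3.0/24", "192.0.2.3/32"),
}
HQ_POLICIES = [([subnet], [loopback], "non-exist-map")
               for subnet, loopback in SITES.values()]

def hq_table(sites_down):
    """HQ BGP table: every site subnet, plus the loopbacks of sites still on MPLS."""
    table = [subnet for subnet, _ in SITES.values()]
    table += [lo for name, (_, lo) in SITES.items() if name not in sites_down]
    return table
```

With the constructed table, `conditional_advertise(hq_table({"A"}), HQ_POLICIES)` returns only Site A's subnet, and an `exist-map` policy returns its prefix only while the watched route is still in the table.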