I was wondering if anyone has successfully done something like this, if so, how? It could be that it's dead easy but I'm clearly missing the obvious.
To try to describe it as simply as I can, I have the following scenario:
<172.16.0.0/16 CORPORATE NETWORK>
<LAYER 3 VPN>
BRANCH SITE CE2 (approx 200)
PE1, CE1 and all branch sites (CE2) are all under our administrative control and all derive their IP addressing from the 172.16.0.0/16 address space. The L3 VPN is a service we have bought from our ISP.
Now, between PE1 and CE1 is an eBGP connection. PE1 advertises the entire 172.16.0.0/16 network with all the individual prefixes (approx 1000) to CE1. All good so far. CE1 has an eBGP connection to the ISP's L3 VPN. This VPN is restricted, for budgetary reasons, to accept no more than 500 IP prefixes. The branch sites also have an eBGP connection into the L3 VPN and advertise the LAN /27 into the VPN.
My question is this:
At CE1 is there a simple way with BGP to achieve the following:
- Advertise only the 172.16.0.0/16 summary into the cloud thus not overwhelming the 500 IP prefix limit
- Advertise all individual branch (CE2) prefixes into the corporate network via PE2, in other words, not apply any summarisation going up
If I go for the 'aggregate address x.x.x.x summary-only' argument on CE1, it will suppress all the individual routes both ways and thus won't advertise the individual branch IP prefixes to PE1. This way we wouldn't see any of the individual branch prefixes in the corporate routing table.
I was looking at the 'un-suppress' feature of BGP to maybe 'free up' the branch routes, but the migration strategy would mean I'd need to be constantly amending the config to allow each site through as it comes online.
You can set up a prefix-list filter toward the ISP's BGP neighbor that allows only the /16 prefix out. In this case there is no need to use aggregation, since the prefix-list won't allow more-specific prefixes.
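The exact-match behaviour that reply relies on, as an added example that is not part of the original posts: a small evaluator for Cisco-style `ip prefix-list` entries, run over a constructed routing table to show that a bare /16 entry sends one prefix toward the ISP while an `le 32` variant would exceed the 500-prefix limit. The list name `TO-ISP` and the sample table are made up for illustration, and the /16 is assumed to be present in CE1's BGP table already; the example also covers `ge`/`le`, which the thread does not discuss.

```python
import ipaddress
import re
from itertools import islice

# Matches e.g.: ip prefix-list TO-ISP seq 5 permit 172.16.0.0/16 le 32
ENTRY_RE = re.compile(
    r"ip prefix-list \S+ (?:seq \d+ )?(permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$"
)

def parse_prefix_list(config):
    """Return ordered entries as (action, network, min_len, max_len)."""
    entries = []
    for line in config.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported line: {line!r}")
        action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen  # no ge/le: exact prefix length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        entries.append((action, net, lo, hi))
    return entries

def permitted(entries, route):
    """First matching entry wins; no match at all is an implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def advertise(entries, table):
    """Routes from `table` that the outbound filter lets through."""
    return [r for r in table if permitted(entries, r)]

def sample_table():
    """Constructed BGP table: the /16 plus 1000 more-specific /27s."""
    block = ipaddress.ip_network("172.16.0.0/16")
    return [str(block)] + [str(n) for n in islice(block.subnets(new_prefix=27), 1000)]

STRICT = "ip prefix-list TO-ISP seq 5 permit 172.16.0.0/16"
LOOSE = "ip prefix-list TO-ISP seq 5 permit 172.16.0.0/16 le 32"
MAX_PREFIXES = 500  # limit on the L3 VPN stated in the question
```

Because the filter is evaluated only on the session it is attached to, the routes sent toward PE1 are whatever the table holds, branch /27s included.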
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.