Help - Need to change Next-Hop to default route in BGP

moorepl
Level 1

Hi All

I'm trying to figure out if I can change the next-hop to a default route that I am injecting into BGP. I have basically configured a WAN network connecting 4 routers (as below) with eBGP and iBGP peers. The WAN links are reachable via eigrp, and the BGP peering takes place to L0's which are also reachable via eigrp. I want R2 to send the route to the downstream DEG router, but I want the next-hop not to be the source L0, but a firewall interface. So all traffic destined for the default route will be sent to the firewall. In the event the upstream router goes offline, another default-route should be seen via iBGP; it too will need its next-hop attribute changed to another firewall ip address. See the diagram below and config for routers.

The servers downstream are vlans 10, 11, 20 (On left) and vlan 30 on right with network IPs 10.10.10.10, 11.11.11.10, 20.20.20.10 and 30.30.30.10 respectively. Their default gateway is currently the L3 SVI on the MSFC. I want the default route that comes from R2 on the right to DEG on the bottom right, to have the next hop of the local inside firewall 10.

Router 2 Config


R2#sho run
Building configuration...

Current configuration : 1535 bytes
!
! Last configuration change at 00:35:27 UTC Fri Jun 6 2014
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Loopback0
 description BGP Neigh Adjacency
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet2/0
 description P2P Link P2P Link for BGP Remote_AS 65501
 ip address 192.168.200.4 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 100
 network 4.0.0.0
 network 192.168.200.0
!
router bgp 605
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 605
 neighbor 3.3.3.3 remote-as 65501
 neighbor 3.3.3.3 ebgp-multihop 10
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 default-originate route-map DEG_Def_Route
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
route-map DEG_Def_Route permit 10
 set ip next-hop 10.108.129.10
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end


DEG N7k Router


DEG_Core-N7000-SW#sho run
Building configuration...

Current configuration : 3864 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname DEG_Core-N7000-SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat

!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 description BGP Neigh Adjacency
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 description P2P Link for BGP Remote_AS 605
 ip address 192.168.200.3 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description *** Unused for Layer2 SW ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 30
 duplex full
 speed 100
!
interface FastEthernet1/1
 duplex full
 speed 100
!

output omitted
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 description L3 Link for iBGP
 no switchport
 ip address 192.168.201.2 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 description Layer 2 Link to CW N7K
 switchport mode trunk
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Finance Dept Vlan
 ip address 10.10.10.2 255.255.255.0
 standby 10 ip 10.10.10.3
!
interface Vlan11
 description Sales Dept Vlan
 ip address 11.11.11.2 255.255.255.0
 standby 11 ip 11.11.11.3
 standby 11 priority 200
 standby 11 preempt
!
interface Vlan30
 description DEG Local
 ip address 30.30.30.1 255.255.255.0
!
router eigrp 100
 network 3.0.0.0
 network 192.168.200.0
 network 192.168.201.0
 no auto-summary
!
router bgp 65501
 no synchronization
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 network 11.11.11.0 mask 255.255.255.0
 network 20.20.20.0 mask 255.255.255.0
 network 30.30.30.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 65501
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 4.4.4.4 remote-as 605
 neighbor 4.4.4.4 ebgp-multihop 10
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any host 1.1.1.1
access-list 110 permit ip any host 2.2.2.2
!
route-map Secondary_to_R4 permit 10
 match ip address 110
 set ip next-hop 10.104.128.10
!
route-map Primary_to_R2 permit 10
 match ip address 100
 set ip next-hop 10.104.129.10
!
!
!
control-plane
!

banner exec ^C

***************************************************************
This is a normal Router with a SW module inside (NM-16ESW)
It has been preconfigured with hard-code speed and duplex

To create vlans use the command "vlan database" from exec mode
After creating all desired vlans use "exit" to apply the config

To view existing vlans use the command "show vlan-switch brief"

Warning: You are using an old IOS image for this router.
Please update the IOS to enable the "macro" command!
***************************************************************

^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

DEG_Core-N7000-SW#

R4 Router Config


R4#sho run
Building configuration...

Current configuration : 1465 bytes
!
! Last configuration change at 21:22:34 UTC Thu Jun 5 2014
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!

!
interface Loopback0
 description BGB Neigh Adjacency
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet2/0
 description P2P Link for BGB Rmote_AS 65501
 ip address 192.168.200.2 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 100
 network 2.0.0.0
 network 192.168.200.0
!
router bgp 605
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 65501
 neighbor 1.1.1.1 ebgp-multihop 10
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 default-originate
 neighbor 4.4.4.4 remote-as 605
 default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R4#

CW N7K Router Config


CW_Core-N7000-SW#sho run
Building configuration...

Current configuration : 3731 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname CW_Core-N7000-SW
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat

!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 description BGB Neigh Adjacency
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 description P2P Link for BGP Remote_AS 605
 ip address 192.168.200.1 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description *** Unused for Layer2 SW ***
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 10
 duplex full
 speed 100
!
interface FastEthernet1/1
 description Link to Sales Server
 switchport access vlan 11
 duplex full
 speed 100
!
interface FastEthernet1/2
 switchport access vlan 20
 duplex full
 speed 100
!

!
interface FastEthernet1/13
 description L3 Link for iBGP
 no switchport
 ip address 192.168.201.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet1/14
 no switchport
 no ip address
 duplex full
 speed 100
!
interface FastEthernet1/15
 description Layer 2 Link to DEG N7K
 switchport mode trunk
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Finance Dept Vlan
 ip address 10.10.10.1 255.255.255.0
 standby 10 ip 10.10.10.3
 standby 10 priority 200
 standby 10 preempt
!
interface Vlan11
 description Sales Dept Vlan
 ip address 11.11.11.1 255.255.255.0
 standby 11 ip 11.11.11.3
!
interface Vlan20
 description CityWest Local
 ip address 20.20.20.1 255.255.255.0
!
router eigrp 100
 network 1.0.0.0
 network 192.168.200.0
 network 192.168.201.0
 no auto-summary
!
router bgp 65501
 no synchronization
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 network 11.11.11.0 mask 255.255.255.0
 network 20.20.20.0 mask 255.255.255.0
 network 30.30.30.0 mask 255.255.255.0
 neighbor 2.2.2.2 remote-as 605
 neighbor 2.2.2.2 ebgp-multihop 10
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 3.3.3.3 remote-as 65501
 neighbor 3.3.3.3 update-source Loopback0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!

^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

CW_Core-N7000-SW#

Thanks in advance for any and all help guys.... I appreciate it.

Mooey
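To make the question concrete from the receiving router's side, here is a small added model (not from the post, not Cisco code) of what DEG does with a 0.0.0.0/0 update whose next-hop R2 has rewritten: a BGP path is only usable when its next-hop resolves in the local routing table, so the firewall address set by the route-map must itself be reachable from DEG. The routing-table contents below are a constructed assumption; only the prefixes, loopbacks and the route-map next-hops (10.104.129.10 on DEG, 10.108.129.10 on R2) come from the thread.

```python
"""Model of how DEG treats a default route whose next-hop R2 rewrote.
Added illustration, not part of the original post or any vendor code."""
from ipaddress import ip_address, ip_network

# Constructed assumption: what DEG knows via connected and EIGRP routes.
# The first three prefixes appear in the posted configs; the firewall
# subnet is assumed from the 10.104.129.10 next-hop in DEG's route-maps.
DEG_RIB = [
    ip_network("192.168.200.0/24"),   # WAN segment
    ip_network("192.168.201.0/30"),   # iBGP L3 link
    ip_network("4.4.4.4/32"),         # R2 Loopback0 learned via EIGRP
    ip_network("10.104.129.0/24"),    # assumed inside-firewall subnet
]


def originate_default(local_loopback, route_map_next_hop=None):
    """Build the 0.0.0.0/0 update R2 sends. Without a set clause the
    next-hop is the update-source loopback; with one it is rewritten."""
    return {
        "prefix": "0.0.0.0/0",
        "next_hop": route_map_next_hop or local_loopback,
    }


def next_hop_resolvable(next_hop, rib):
    """True when some route in the local table covers the next-hop."""
    nh = ip_address(next_hop)
    return any(nh in net for net in rib)


def receive(update, rib):
    """What the receiving router does with the update: the path is kept
    either way, but only a resolvable next-hop makes it valid and
    eligible for the forwarding table."""
    ok = next_hop_resolvable(update["next_hop"], rib)
    return {**update, "state": "valid" if ok else "inaccessible"}


if __name__ == "__main__":
    for nh in (None, "10.104.129.10", "10.108.129.10"):
        print(receive(originate_default("4.4.4.4", nh), DEG_RIB))
```

With the assumed table, the next-hop 10.108.129.10 that R2's route-map sets has no covering route on DEG and the default would sit as inaccessible, while 10.104.129.10 (the address DEG's own route-maps use) resolves.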

1 Reply

moorepl
Level 1

Topology Diagram
