
iBGP

ahoangphan
Level 1

Hello,

I'm in the process of setting up BGP with 2 connections coming in from 2 different ISPs on two routers at 2 different locations. To interconnect the 2 locations, I have a point-to-point T1 line. My question is: if I use this T1 line to set up iBGP between the 2 routers, is it possible to use IP addresses from the private class C, something like 192.168.1.0/30, and still be able to go out through the other router if one connection fails?

Simple diagram;

    ISP1            ISP2
     |               |
     | eBGP          | eBGP
     |     iBGP      |
    R1--------------R2    <-- using class C addresses
     |               |        for the point to point here
     |               |
    FW1             FW2

Anthony.


Yes, you can do that. Make sure the private IP subnet doesn't get leaked to either of the ISPs.

Pls. rate all helpful posts.

--Sundar

mheusinger
Level 10

Hello,

As already stated, you can do this. Those addresses are not visible to the internet in case you do NAT them on your firewalls. This does not cause any problem as you do not intend to become a transit AS anyhow. Just make sure to have proper filters in place to avoid becoming a transit AS. An example config could look like this (make sure to adjust this to your environment).

interface Loopback0
 ip address 10.10.10.1 255.255.255.255
!
interface Ethernet0/1
 description to ISP1
 ip address 1.4.5.2 255.255.255.252
!
interface Serial0/2
 description to second location
 ip address 10.1.1.1 255.255.255.252
!
router bgp 65000
 network 1.1.0.0 mask 255.255.0.0
 ! ISP1
 neighbor 1.4.5.1 remote-as 1
 neighbor 1.4.5.1 prefix-list NoTrash in
 neighbor 1.4.5.1 filter-list 1 out
 neighbor 1.4.5.1 weight 150
 neighbor 10.10.10.2 remote-as 65000
 neighbor 10.10.10.2 update-source Loopback0
 no auto-summary
!
ip as-path access-list 1 permit ^$
!
ip prefix-list NoTrash deny 192.168.0.0/16 le 32
ip prefix-list NoTrash deny 172.16.0.0/12 le 32
ip prefix-list NoTrash deny 10.0.0.0/8 le 32
ip prefix-list NoTrash deny 1.1.0.0/16 le 32
ip prefix-list NoTrash permit 0.0.0.0/0 le 32
!
ip route 1.1.0.0 255.255.0.0 Null 0 250

This would only announce 1.1/16 (assumed to be your official IP addresses) to the ISP. All RFC1918 routes are blocked. You could extend this and use the BOGON list for filtering, but this would require more maintenance, because you have to adjust the filters from time to time. For a customer it should be sufficient to block all routes you potentially have internally.

Hope this helps! Please rate all posts.

Regards, Martin
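
The following is an added example, not part of the original posts: a small Python model of the `NoTrash` prefix-list and as-path access-list 1 from the config above, showing which routes each filter accepts. The sample routes and the outbound prefix-list `ONLY_MINE` are constructed assumptions; the model covers only first-match evaluation with `le` and the `^$` pattern, not full IOS regex syntax.

```python
import ipaddress
import re

# Filters transcribed from the config in the post: (action, prefix, le)
NO_TRASH = [("deny", "192.168.0.0/16", 32), ("deny", "172.16.0.0/12", 32),
            ("deny", "10.0.0.0/8", 32), ("deny", "1.1.0.0/16", 32),
            ("permit", "0.0.0.0/0", 32)]
AS_PATH_ACL_1 = [("permit", r"^$")]  # empty AS_PATH = originated in our own AS
# Hypothetical outbound prefix-list (not in the post): exactly our aggregate
ONLY_MINE = [("permit", "1.1.0.0/16", 16)]


def prefix_list_action(entries, route):
    """First matching entry wins; no match falls through to an implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        # "prefix le N": route lies inside prefix and its length is <= N
        if net.subnet_of(ipaddress.ip_network(prefix)) and net.prefixlen <= le:
            return action
    return "deny"


def as_path_action(entries, as_path):
    """as_path is the AS_PATH as a space-separated string ("" if local)."""
    for action, regex in entries:
        if re.search(regex, as_path):
            return action
    return "deny"


def announced(candidates, prefix_list=None):
    """Prefixes that pass filter-list 1 and, if given, an outbound prefix-list."""
    out = []
    for prefix, as_path in candidates:
        if as_path_action(AS_PATH_ACL_1, as_path) != "permit":
            continue
        if prefix_list and prefix_list_action(prefix_list, prefix) != "permit":
            continue
        out.append(prefix)
    return out


# Constructed sample of BGP table entries on R1: (prefix, AS_PATH)
BGP_TABLE = [("1.1.0.0/16", ""),              # network statement
             ("10.1.1.0/30", ""),             # e.g. redistributed connected link
             ("198.51.100.0/24", "1 64500")]  # learned from ISP1

if __name__ == "__main__":
    for r in ["192.168.1.0/30", "172.20.0.0/14", "172.32.0.0/16", "1.1.5.0/24"]:
        print(f"in  {r:18} {prefix_list_action(NO_TRASH, r)}")
    print("out, filter-list 1 only:", announced(BGP_TABLE))
    print("out, plus ONLY_MINE   :", announced(BGP_TABLE, ONLY_MINE))
```

The as-path filter stops transit routes but passes any locally originated prefix, so a private subnet that ends up in BGP through redistribution is only stopped by an outbound prefix filter or by not injecting it in the first place.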

Sundar and Martin,

Thank you for your answers. So from Martin's reply, the loopback interface on both routers can have an IP address from the IP block that the routers are advertising, and so updates are being sent through the loopback interface instead of the serial interface on the routers which I use to set up the point to point on?

I'm new to BGP, so trying to get a better understanding of BGP before I'm diving in and configuring the routers.

Also I have 4 T1 lines from ISP1 which I used IP CEF to load-share traffic between these 4 lines. Any thoughts on what would be the best method to configure BGP between 2 ISPs: one with 4 T1 lines using IP CEF and 1 with a single T1 line?

Thank you,

Anthony.

Anthony,

Yes, you can use the loopback to peer between the routers. In BGP, you advertise networks using the network command, redistribute another protocol into BGP or it has to be a BGP route. If you are redistributing another protocol or connected networks into BGP, make sure you have filters blocking the RFC1918 addresses from being leaked to the ISP.

Check out the following link for load sharing:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

Pls. rate all helpful posts.

HTH,

Sundar

Sundar,

Is it possible to use ip addresses from the IP space I'm advertising to assign to router's interfaces while it's still being advertised?

In regards to my last post, I have 4 T1 lines from ISPA and 1 T1 line from ISPB, I'm thinking about using ebgp multi-hop on the router facing ISPA.

Between the 2 routers, there's a point to point T1 line --> iBGP --> updates are going between the 2 routers on loopback interface with ip addresses from the advertising IP space.

Is it possible? Or am I confusing you?

Anthony

Anthony,

See the responses below.

Is it possible to use ip addresses from the IP space I'm advertising to assign to router's interfaces while it's still being advertised?

Yes. As long as you have a route for the network you want to advertise you should be OK.

In regards to my last post, I have 4 T1 lines from ISPA and 1 T1 line from ISPB, I'm thinking about using ebgp multi-hop on the router facing ISPA.

You need to use multihop because you want to peer to the loopback address of the router.

Between the 2 routers, there's a point to point T1 line --> iBGP --> updates are going between the 2 routers on loopback interface with ip addresses from the advertising IP space.

That's fine. You should be good.

The following link should clear things up for you.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

Pls. rate all helpful posts.

HTH,

Sundar
