
MPLS - BGP

anthony.dyne
Level 1

Hi

Seeking MPLS (BGP) assistance,

MPLS on "B" will be up soon.


(( A )) ----( Fiber_connection )------------ (( B ))
   |                                            |
   |                                            |
   |                                            |
   ==================MPLS========================
                        ||
                        ||
                     (( C ))

A connects to B over Fiber

A also connects to service Provider MPLS Cloud with 5MB Bandwidth

B also connects to service Provider MPLS cloud with 5MB Bandwidth

C connects to service Provider MPLS cloud with 1 MB Bandwidth


MPLS service is running BGP

OSPF is running on LAN Segment

On "A" and "C" we got mutual redistribution between OSPF and BGP

C needs Email/Application traffic from A and Voice/Intranet from B.

Question : 1
can I route Email/Application traffic from C to A and Voice/Intranet traffic from C to B

(((((  without MPLS Service provider involvement    ))))


Question: 2

How do I manage the traffic from A to B to take Fiber as the Primary connection and MPLS connection as Backup route.

MPLS will be backdoor; how to control routes entering and exiting on "A" and "B"

Accepted Solutions

Hello Anthony,

if site C contains only router MPLS C no additional actions are needed, otherwise you can think of redistributing BGP routes into Site C MPLS C CE OSPF router process.

The service provider can easily accommodate for the use of same private AS number in all of your sites by using as-override so your CE MPLS C router shouldn't need any special BGP trick to accept routes coming from Site A and/or Site B.

(if the SP would not override the AS number, your router would not accept a BGP route with an AS path that already contains its own AS number and would silently discard it for the eBGP loop avoidance rule).

To be noted: for this router the BGP next-hop is the PE C router IP address. You will not be able to know what the chosen best path is by examining the BGP advertisements received on the Site C CE node.

Hope to help

Giuseppe

21 Replies

Edison Ortiz
Hall of Fame

Answer 1:

You can build GRE tunnels if you want to control routing yourself but why don't you let the traffic follow its normal path?

If A redistributes the email and application subnets into MPLS, C will follow the proper path.

The same can be said if B redistributes the voice and intranet subnets into the MPLS.

Answer 2:

You can enable OSPF on the fiber between A and B and intra-area routes will be preferred over OSPF external routes coming from the MPLS provider.

Regards,

Edison.

Edison,

It would be nice if routes follow the proper path but when U got 2 routes to same destination I always doubt the flow of traffic.

I attached demo config for "A", "B", "C"; please input if I don't need to worry for backdoor routes & my needs for Q1 and Q2 are fulfilled.

If there is more than one mutual redistribution then flow of traffic is unexpected - This is my point of view which I could be wrong. ( Your comments )

Thanks

Hi,

IMHO, it's a good practice to use some kind of prefix filtering when configuring a mutual redistribution.

Either to permit only specific prefixes to redistribute each direction (if possible due to your addressing plan)  or to tag the prefixes redistributed each direction and deny the tagged prefixes to be redistributed back at least.

BR,

Milan

milan.kulik
Level 10

Hi,

does

"MPLS service is running BGP
OSPF is running on LAN Segment
On "A" and "C" we got mutual redistribution between OSPF and BGP"

mean you are peering via BGP to your MPLS provider routers?

In that case, you might need

network ... backdoor

in your A and B router BGP configurations to enable the routing over the fiber connection in addition to Edison's proposal.

HTH,

Milan

Milan,

What config changes do I need based on your comments?

Hi Anthony,

your diagram is not detailed enough to say the exact config changes you need.

My understanding so far is:

You are peering via BGP to your MPLS provider on each site (routers X_MPLS_RTR).

On the same router you are running OSPF peering to other cascaded routers (X_Backbone).

On the router X_MPLS_RTR you are running mutual BGP/OSPF redistribution in a very basic configuration, i.e.,

router ospf 100
 redistribute bgp 65001 subnets
...
router bgp 65001
 redistribute ospf 100
...

To fix your requirement to run the traffic over the fiber line between A and B, you IMHO need to enable OSPF routing over that line plus

to configure in A_MPLS_RTR:

router bgp 65001
 network x mask y backdoor

where x is the B-site subnet,

and analogously in the B_MPLS_RTR for the A-site subnet. (If multiple subnets are necessary, replicate the network ... backdoor command).

But this would bring you another danger here:

As you are redistributing mutually between BGP and OSPF in all sites, it would be possible now some prefixes would be redistributed from BGP to OSPF in A site, via OSPF received in B and redistributed to BGP there creating routing loop so.

So you need to control what's redistributed in which direction - recommended as a best practice anyway (see CCIE Routing and Switching Exam Certification Guide, e.g.).

IMHO, you could use:

router bgp 65001
 redistribute ospf 100 route-map to-bgp
!
router ospf 100
 redistribute bgp 65001 subnets route-map to-ospf
!
route-map to-ospf permit 10
 match ip address prefix-list external-subnets
!
route-map to-bgp permit 10
 match ip address prefix-list local-subnet

and those prefix-lists would define which subnets might be redistributed each direction.

In case creating those prefix-lists would be too complicated or the subnets on each site are being changed periodically, you might use tagging of the redistributed prefixes.

For example:

route-map to-ospf permit 10
 set tag 65001
!
route-map to-bgp deny 5
 match tag 65001
route-map to-bgp permit 10

Those are just basic hints how to make the configuration safer, your network detailed knowledge is necessary to create the config for your productive routers. And testing in a lab is recommended before configuring in a productive network, of course!

HTH,

Milan
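A way to check a router configuration against the advice in the post above, as an added example that is not code from the thread or its participants: it parses IOS-style text, finds routers that redistribute OSPF and BGP into each other, and reports redistribution without a route-map or a tag that is set on the way into OSPF but never denied on the way into BGP. The sample configuration is constructed in the style of the thread's snippets, and the function names are hypothetical.

```python
import re

# Constructed sample: the "very basic" mutual redistribution described in the thread.
UNFILTERED = """router ospf 100
 redistribute bgp 65001 subnets
router bgp 65001
 redistribute ospf 100
"""

def parse(config):
    """Return (redist, maps): redist[target protocol] = route-map name or None;
    maps[name] = list of (action, clause lines) in configuration order."""
    redist, maps, router, clauses = {}, {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"router (ospf|bgp) \d+", line):
            router, clauses = m.group(1), None
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+", line):
            router, clauses = None, []
            maps.setdefault(m.group(1), []).append((m.group(2), clauses))
        elif router and (m := re.match(
                r"redistribute (ospf|bgp) \d+(?:.* route-map (\S+))?", line)):
            if m.group(1) != router:  # only OSPF->BGP or BGP->OSPF counts
                redist[router] = m.group(2)
        elif clauses is not None and line not in ("", "!"):
            clauses.append(line)
    return redist, maps

def tags(entries, keyword, action=None):
    """Tags named in 'set tag N' / 'match tag N' clauses, optionally per action."""
    return {c.split()[2] for act, cl in entries for c in cl
            if c.startswith(keyword) and action in (None, act)}

def audit(config):
    """List findings for a router that redistributes OSPF and BGP mutually."""
    redist, maps = parse(config)
    if set(redist) != {"ospf", "bgp"}:
        return []  # not a mutual redistribution point
    findings = [f"redistribution into {p} has no route-map"
                for p in ("ospf", "bgp") if redist[p] is None]
    marked = tags(maps.get(redist["ospf"], []), "set tag")
    denied = tags(maps.get(redist["bgp"], []), "match tag", "deny")
    findings += [f"tag {t} set into ospf is not denied into bgp"
                 for t in sorted(marked - denied)]
    return findings

if __name__ == "__main__":
    print(audit(UNFILTERED))
```

A route-map that filters by prefix-list instead of tags produces no tag finding; the prefix-lists themselves still need a manual review.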

Hi Milan,

regarding your sentence

"As you are redistributing mutually between BGP and OSPF in all sites, it  would be possible now some prefixes would be redistributed from BGP to  OSPF in A site, via OSPF received in B and redistributed to BGP there  creating routing loop so."

That's prevented in an MPLS-VPN environment by the fact the LSAs that are redistributed from BGP to OSPF in vrf, have the "DOWN" bit and other tag values set expressly to prevent the situation where they can be redistributed back to the MPLS core by another PE.

No need to put additional filters for that purpose.

Regards,

Antonio

Hi Antonio,

my understanding was the customer router (peering via BGP to the MPLS provider, not via OSPF) was doing the mutual redistribution itself.

So no VRF involved and no MPLS-VPN protection, I'm afraid.

BR,

Milan

Hello Antonio,

Milan is right : DOWN bit is checked only by PE routers and here we have mutual redistribution on two CE nodes that ignore that bit.

Milan's post is quite complete and I have rated it as deserved.

BGP is the PE-CE protocol as stated by Anthony.

route-tags or prefix-lists recommended here with two mutual redistribution points.

But BGP advertisements might be performed using network commands in BGP process removing the need for mutual redistribution.

Edit:

noticing that Site A and Site B have a horizontal link, the use of mutual redistribution in a controlled way as explained by Milan can provide clear advantages.

I would follow that way

Edit2:

going back to the original question, I would consider the possibility to use selective AS path prepending on Site A and Site B so that different IP subnets are advertised by CEA and CEB differently; this could influence service provider choices on the PE node serving site C.

But CEC cannot know the choice made by peer PE node.

Hope to help

Giuseppe

Hi Giuseppe

Can U have a look at the configuration attached in the earlier reply and comment on it?

Thanks

Hello Anthony,

I agree with Milan:

you have two nodes that perform mutual redistribution OSPF to BGP and BGP to OSPF. This requires appropriate handling as described in Milan's post.

The reason for this is that if there is any topology change, problems can arise with uncontrolled mutual redistribution in multiple points.

You might use under BGP network commands (with exact mask for the no auto-summary) on the two MPLS routers describing the networks.

The advertisement will be performed by BGP if an exact match is present in IP routing table.

About your original questions:

1) as noted by Edison you could simply allow for traffic to flow as is if link between backbone A and backbone B is fast enough

An attempt to influence could be done by using selective as path prepending to the provider as suggested in previous post ( no 100% guarantee)

Site A should advertise SiteB's IP subnets with prepending of your own private ASN 65001 and the opposite should be done on Site B.

PE node, if using as-override, will change each occurrence of your ASN with its own AS number; this should make AS path lengths different.

This would require the use of route-map towards eBGP peer applied outbound

2)  by the fact that each site uses two routers and that the SiteA to SiteB link is between internal routers those routers will use the direct link as they see OSPF intra area routes on the direct link and OSPF external routes coming from the colocated MPLS router. OSPF internal routes are always preferred over OSPF external routes regardless of metric value so you achieve what you want simply because BGP is the PE-CE protocol and OSPF is the internal protocol.

Hope to help

Giuseppe

Hi Giuseppe

I appreciate your support.

Correct me if my understanding is wrong from your post.

I need to take these steps

  • On Mutual redistribution Point -->> Apply filter ( I would use tagging )
  • Add network statement in BGP Process with correct mask

I want to keep it simple, but didn't find any other way than thinking of Mutual_Redistribution at Two points on the network.

Can my requirement be fulfilled without mutual_redistribution at Two Points on the network?

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This one is really Stupid ONE " Please Reply"

I would like to clear one basic question, "When is mutual redistribution needed?"

Hi Anthony,

depending on your topology details, there might be some way to run without the mutual redistribution.

As Giuseppe said in his previous reply:

"2)  by the fact that each site uses two routers and that the SiteA to SiteB link is between internal routers those routers will use the direct link as they see OSPF intra area routes on the direct link and OSPF external routes coming from the colocated MPLS router. OSPF internal routes are always preferred over OSPF external routes regardless of metric value so you achieve what you want simply because BGP is the PE-CE protocol and OSPF is the internal protocol."

If he is correct (and that's why I was asking for a more detailed diagram) and the SiteA to SiteB link is between internal routers (running OSPF only) and all the traffic between your end devices is passing through those internal routers, you could possibly survive without the mutual redistribution (and also without the backdoor command).

You might use BGP network ... commands to advertise proper subnets only to the MPLS backbone from your BGP routers.

And you could advertise the default route only to the OSPF cloud (configuring a static default route on the OSPF router pointing to the BGP router and advertising it to OSPF using metric type 1, e.g.) on each site. OSPF metric would let each local router take the best way to the backbone then.

Configuring a static default route pointing to Null on the BGP routers would prevent them from accepting the default route from OSPF.

Or you may develop some more sophisticated trick how to involve the default route.

Generally, I don't like the default route used in enterprise routing, but this might be the way to make your life easier.

HTH,

Milan

Thanks Milan for the support. Attached is network design. I also would like to avoid static entry as routing protocol ospf is already implemented.

Hope to get some input.
