Cisco Support Community
New Member

MPLS - BGP

Hi

Seeking MPLS (BGP)  assistance,

MPLS on "B" will be up soon.


(( A )) ----( Fiber_connection )---- (( B ))
   |                                    |
   |                                    |
   |                                    |
   ========MPLS=========================
                    ||
                    ||
                 (( C ))

A connects to B over Fiber

A also connects to service Provider MPLS Cloud with 5MB Bandwidth

B also connects to service Provider MPLS cloud with 5MB Bandwidth

C connects to service Provider MPLS cloud with 1 MB Bandwidth


MPLS service is running BGP

OSPF is running on LAN Segment

On "A" and "C" we got mutual redistribution between OSPF and BGP

C needs Email/Application traffic from A and Voice/Intranet from B.

Question : 1
can I route Email/Application traffic from C to A and Voice/Intranet traffic from C to B

(((((  without MPLS Service provider involvement    ))))


Question: 2

How do I manage the traffic from A to B to take Fiber as the Primary connection and MPLS connection as Backup route.

MPLS will be backdoor ; how to control routes entering and exiting on "A" and "B"

21 REPLIES
Hall of Fame Super Bronze

Re: MPLS - BGP

Answer 1:

You can build GRE tunnels if you want to control routing yourself but why don't you let the traffic follow its normal path?

If A redistributes the email and application subnets into MPLS, C will follow the proper path.

The same can be said if B redistributes the voice and intranet subnets into the MPLS.

Answer 2:

You can enable OSPF on the fiber between A and B and intra-area routes will be preferred over OSPF external routes coming from the MPLS provider.

Regards,

Edison.

New Member

Re: MPLS - BGP

Edison,

It would be nice if routes follow the proper path but when U got 2 routes to same destination I always doubt the flow of traffic.

I attached demo config for "A" , "B" , "C" ; please input if I don't need to worry for backdoor routes & my needs for Q1 and Q2 is fulfilled.

If there is more than one mutual redistribution then flow of traffic is unexpected - This is my point of view which I could be wrong. ( Your comments )

Thanks

Re: MPLS - BGP

Hi,

IMHO, it's a good practice to use some kind of prefix filtering when configuring a mutual redistribution.

Either to permit only specific prefixes to redistribute each direction (if possible due to your addressing plan)  or to tag the prefixes redistributed each direction and deny the tagged prefixes to be redistributed back at least.

BR,

Milan

Re: MPLS - BGP

Hi,

does

"MPLS service is running BGP
OSPF is running on LAN Segment
On "A" and "C" we got mutual redistribution between OSPF and BGP"

mean you are peering via BGP to your MPLS provider routers?

In that case, you might need

network ... backdoor

in your A and B router BGP configurations to enable the routing over the fiber connection additionally to the Edison's proposal.

HTH,

Milan

New Member

Re: MPLS - BGP

Milan,

What config changes do I need  based on your comments.

Re: MPLS - BGP

Hi Anthony,

your diagram is not detailed enough to say the exact config changes you need.

My understanding so far is:

You are peering via BGP to your MPLS provider on each site (routers  X_MPLS_RTR).

On the same router you are running OSPF peering to other cascaded routers (X_Backbone).

On the router X_MPLS_RTR you are running mutual BGP/OSPF redistribution in a very basic configuration, i.e.,

router ospf 100
redistribute bgp 65001 subnets
...
router bgp 65001
redistribute ospf 100
...

To fix your requirement to run the traffic over the fiber line between A and B, you IMHO need to enable OSPF routing over that line plus

to configure in A_MPLS_RTR:

router bgp 65001

network x mask y backdoor

where x is the B-site subnet,

and analogically in the B_MPLS_RTR for the A-site subnet. (If multiple subnets necessary, replicate the network ... backdoor command).

But this would bring you another danger here:

As you are redistributing mutually between BGP and OSPF in all sites, it would be possible now some prefixes would be redistributed from BGP to OSPF in A site, via OSPF received in B and redistributed to BGP there creating routing loop so.

So you need to control what's redistributed which direction - recommended as a best practice anyway (see CCIE Routing and Switching Exam Certification Guide, e.g.).

IMHO, you could use:

router bgp 65001
 redistribute ospf 100 route-map to-bgp
!
router ospf 100
 redistribute bgp 65001 subnets route-map to-ospf
!
route-map to-ospf permit 10
 match ip address prefix-list external-subnets
!
route-map to-bgp permit 10
 match ip address prefix-list local-subnet

and those prefix-lists would define which subnets might be redistributed each direction.

In a case of creating those prefix-lists would be too complicated or the subnets on each site are being changed periodically, you might use tagging of the redistributed prefixes.

For example:

route-map to-ospf permit 10
 set tag 65001
!
route-map to-bgp deny 5
 match tag 65001
route-map to-bgp permit 10

Those are just basic hints how to make the configuration safer, your network detailed knowledge is necessary to create the config for your productive routers. And testing in a lab is recommended before configuring in a productive network, of course!

HTH,

Milan
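The tagging scheme from the post above, modelled as an added example (not part of the original thread and not router code). It assumes a simplified first-match route-map model, and the prefixes are constructed sample values; it shows which prefixes site B would announce to the provider with and without the `to-ospf` / `to-bgp` route-maps.

```python
from dataclasses import dataclass, replace
from typing import Optional

TAG = 65001  # tag value taken from the route-maps in the post above

@dataclass(frozen=True)
class Route:
    prefix: str                 # constructed sample prefix
    tag: Optional[int] = None   # OSPF external route tag, if any

# A clause is (action, match_tag, set_tag); None means "no match/set statement".
TO_OSPF = [("permit", None, TAG)]                        # route-map to-ospf
TO_BGP = [("deny", TAG, None), ("permit", None, None)]   # route-map to-bgp
NO_FILTER = [("permit", None, None)]                     # plain redistribute

def apply_route_map(route, clauses):
    """First matching clause wins; falling off the end is an implicit deny."""
    for action, match_tag, set_tag in clauses:
        if match_tag is not None and route.tag != match_tag:
            continue
        if action == "deny":
            return None
        return replace(route, tag=set_tag) if set_tag is not None else route
    return None

def redistribute(routes, clauses):
    """Run every route through the route-map and keep the permitted ones."""
    kept = (apply_route_map(r, clauses) for r in routes)
    return [r for r in kept if r is not None]

def site_b_announces(bgp_at_a, ospf_native, to_ospf, to_bgp):
    """A redistributes BGP into OSPF, OSPF carries it across the fiber, and B
    redistributes OSPF into BGP. Returns the prefixes B sends to the provider."""
    ospf_domain = list(ospf_native) + redistribute(bgp_at_a, to_ospf)
    return sorted(r.prefix for r in redistribute(ospf_domain, to_bgp))

# Constructed sample data: one site C prefix learned over MPLS, two local LANs.
BGP_AT_A = [Route("10.3.0.0/24")]
OSPF_NATIVE = [Route("10.1.0.0/24"), Route("10.2.0.0/24")]

if __name__ == "__main__":
    print("unfiltered:", site_b_announces(BGP_AT_A, OSPF_NATIVE, NO_FILTER, NO_FILTER))
    print("tagged:    ", site_b_announces(BGP_AT_A, OSPF_NATIVE, TO_OSPF, TO_BGP))
```

In the unfiltered run site C's prefix comes back out of site B as if it were local; with the tag set on the way into OSPF and denied on the way into BGP, only the two LAN prefixes are announced.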

New Member

Re: MPLS - BGP

Hi Milan,

regarding your sentence

"As you are redistributing mutually between BGP and OSPF in all sites, it  would be possible now some prefixes would be redistributed from BGP to  OSPF in A site, via OSPF received in B and redistributed to BGP there  creating routing loop so."

That's prevented in an MPLS-VPN environment by the fact the LSAs that are redistributed from BGP to OSPF in vrf, have the "DOWN" bit and other tag values set expressly to prevent the situation where they can be redistributed back to the MPLS core by another PE.

No need to put additional filters for that purpose.

Regards,

Antonio

Re: MPLS - BGP

Hi Antonio,

my understanding was  the customer router (peering via BGP to the MPLS provider, not via OSPF) was doing the mutual redistribution itself.

So no VRF involved and no MPLS-VPN protection, I'm afraid.

BR,

Milan

Hall of Fame Super Silver

Re: MPLS - BGP

Hello Antonio,

Milan is right : DOWN bit is checked only by PE routers and here we have mutual redistribution on two CE nodes that ignore that bit.

Milan's post is quite complete and I have rated it as deserved.

BGP is the PE-CE protocol as stated by Anthony.

route-tags or prefix-lists recommended here with two mutual redistribution points.

But BGP advertisements might be performed using network commands in BGP process removing the need for mutual redistribution.

Edit:

noticing that Site A and Site B have an horizontal link the use of mutual redistribution in a controlled way as explained by Milan can provide clear advantages.

I would follow that way

Edit2:

going back to original question I would consider the possibility to use selective AS path prepending on Site A and Site B so that different IP subnets are advertised by CEA and CEB differently this could influence service provider choices on PE node serving site C.

But CEC cannot know the choice made by peer PE node.

Hope to help

Giuseppe

New Member

Re: MPLS - BGP

Hi Giuseppe

Can U have a Look at the configuration attached in early reply and comment on it.

Thanks

Hall of Fame Super Silver

Re: MPLS - BGP

Hello Anthony,

I agree with Milan:

you have two nodes that perform mutual redistribution  OSPF to BGP and BGP to OSPF. This requires appropriate handling as described in Milan's post.

The reason for this is that if there is any topology change problems can arise with uncontrolled mutual redistribution in multiple points.

You might use under BGP network commands (with exact mask for the no auto-summary) on the two MPLS routers describing the networks.

The advertisement will be performed by BGP if an exact match is present in IP routing table.

About your original questions:

1) as noted by Edison you could simply allow for traffic to flow as is if link between backbone A and backbone B is fast enough

An attempt to influence could be done by using selective as path prepending to the provider as suggested in previous post ( no 100% guarantee)

Site A should advertise SiteB's IP subnets with prepending of your own private ASN 65001 and the opposite should be done on Site B.

PE node if using as-override will change each occurrence of your ASN with its own AS number these should make AS path lengths different.

This would require the use of route-map towards eBGP peer applied outbound

2)  by the fact that each site uses two routers and that the SiteA to SiteB link is between internal routers those routers will use the direct link as they see OSPF intra area routes on the direct link and OSPF external routes coming from the colocated MPLS router. OSPF internal routes are always preferred over OSPF external routes regardless of metric value so you achieve what you want simply because BGP is the PE-CE protocol and OSPF is the internal protocol.

Hope to help

Giuseppe

New Member

Re: MPLS - BGP

Hi Giuseppe

I appreciate your support.

Correct me if my understanding is wrong from your post.

I need to take these steps

  • On Mutual redistribution Point  -->> Apply filter ( I would use tagging )
  • Add network statement in BGP Process with correct mask

I want to keep it simple, but didn't find any other way than Thinking of Mutual_Redistribution at Two points on the network.

Can my requirement be fulfilled without mutual_redistribution at Two Points on the network.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This one is really Stupid ONE " Please Reply"

I would like to clear one basic question, "When do mutual redistribution is  needed"

Re: MPLS - BGP

Hi Anthony,

depending on your topology details, there might be some way how to run without the mutual redistribution.

As Giuseppe  said in his previous reply:

"2)  by the fact that each site uses two routers and that the SiteA to SiteB link is between internal routers those routers will use the direct link as they see OSPF intra area routes on the direct link and OSPF external routes coming from the colocated MPLS router. OSPF internal routes are always preferred over OSPF external routes regardless of metric value so you achieve what you want simply because BGP is the PE-CE protocol and OSPF is the internal protocol."

If he is correct (and that's why I was asking for more detailed diagram) and  the SiteA to SiteB link is between internal routers (running OSPF only) and all the traffic between your end devices is passing through those internal routers, you could possibly survive without the mutual redistribution (and also without the backdoor command).

You might use BGP network ... commands to advertise proper subnets only to the MPLS backbone from your BGP routers.

And you could advertise the default route only to the OSPF cloud (configuring a static default route on the OSPF router pointing to the BGP router and advertising it to OSPF using metric type 1, e.g.) on each site. OSPF metric would let each local router to take the best way to the backbone then.

Configuring a static default route pointing to Null on the BGP routers would prevent them to accept the default route from OSPF.

Or you may develop some more sophisticated trick how to involve the default route.

Generally, I don't like the default route used in an enterprise routing, but this might be the way to make your life easier.

HTH,

Milan

New Member

Re: MPLS - BGP

Thanks Milan for the support. Attached is network design. I also would like to avoid static entry as routing protocol ospf is already implemented.

Hope to get some input.

Hall of Fame Super Silver

Re: MPLS - BGP

Hello Anthony,

>> This one is really Stupid ONE " Please Reply"
>> I would like to clear one basic question, "When do mutual redistribution is  needed"

mutual redistribution is needed when using default routes is not possible.

In your scenario you can use network commands in BGP process, instead of redistribute ospf into BGP if the number of IP prefixes is less than 200 that is the maximum number of network statements you can use.

If the total number of IP subnets in Site A and Site B is less than 200 you can skip redistribution of OSPF into BGP on MPLS router A and MPLS router B.

You can keep redistribution of BGP into OSPF if you need the details of Site C routes and you cannot be happy with a default route injected in OSPF domain by MPLS router A and MPLS router B.

this greatly simplifies as you don't need to go with route tagging and route maps anymore

The same reasoning can be applied on MPLS router C

>> I need to take these steps

  • a) On Mutual redistribution Point  -->> Apply filter ( I would use tagging )
  • b) Add network statement in BGP Process with correct mask

No, or you do a) or you do b) you don't need both sorry if I have been unclear

Hope to help

Giuseppe


Re: MPLS - BGP

Hi,

I agree with Giuseppe, if the topology is not so complicated, keeping BGP redistributed to OSPF with his a) or b) proposal is the easiest way.

Another possibility might be asking the provider to advertise a default route conditionally in a case the PE-CE BGP session is Up only and redistributing the default route only to the OSPF. You would need no static then and would not create a black-hole routing in a case of a BGP session failure.

But for your topology this would be too complicated, I'm afraid.

BR,

Milan

New Member

Re: MPLS - BGP

Thanks for supporting the post.

One Last question

The Network which is needed by Site "C" needs to be advertised in BGP Process on "A" && "B"

Any action needed on "C"

Hall of Fame Super Silver

Re: MPLS - BGP

Hello Anthony,

if site C contains only router MPLS C no additional actions are needed, otherwise you can think of redistributing BGP routes into Site C MPLS C CE OSPF router process.

The service provider can easily accommodate for the use of same private AS number in all of your sites by using as-override so your CE MPLS C router shouldn't need any special BGP trick to accept routes coming from Site A and/or Site B.

(if the SP would not override the AS number, your router would not accept a BGP route with an AS path that already contains its own AS number and would silently discard it for the eBGP loop avoidance rule).

To be noted for this router the BGP next-hop is PE C router IP address you will not be able to know what is the chosen best path by examining the BGP advertisements received on Site C CE node.

Hope to help

Giuseppe
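The AS-path handling described in the reply above, and the selective prepending suggested earlier in the thread, as an added example (not from the thread and not router code). AS numbers 65001 and 65000 come from the sample config on this page; the function names are hypothetical and the best-path step assumes every other BGP attribute ties, so only AS-path length decides.

```python
CUSTOMER_AS = 65001  # private ASN used at every customer site (from the thread)
PROVIDER_AS = 65000  # provider ASN, the remote-as in the thread's sample config

def ce_advertise(prepend=0):
    """AS_PATH a CE sends to its PE: its own ASN once, plus optional prepends."""
    return [CUSTOMER_AS] * (1 + prepend)

def pe_to_ce(path, as_override, neighbor_as=CUSTOMER_AS):
    """AS_PATH the remote PE sends to its CE. With as-override every occurrence
    of the neighbor's ASN is replaced by the provider ASN before the PE adds
    its own ASN for the eBGP hop."""
    if as_override:
        path = [PROVIDER_AS if asn == neighbor_as else asn for asn in path]
    return [PROVIDER_AS] + path

def ce_accepts(path, local_as=CUSTOMER_AS):
    """eBGP loop avoidance: discard any path that already contains our ASN."""
    return local_as not in path

def pe_best_site(paths_by_site):
    """Simplified best-path choice on the PE serving site C: shortest AS_PATH
    wins (assumption: weight, local-pref, origin and the rest are equal)."""
    return min(paths_by_site.items(), key=lambda item: len(item[1]))[0]

# Constructed scenario: a site B subnet is advertised by both CEs, and site A
# prepends twice so the provider prefers the copy announced by site B.
SITE_B_SUBNET_PATHS = {"A": ce_advertise(prepend=2), "B": ce_advertise()}

if __name__ == "__main__":
    plain = pe_to_ce(ce_advertise(), as_override=False)
    overridden = pe_to_ce(ce_advertise(), as_override=True)
    print(plain, "accepted by CE C:", ce_accepts(plain))
    print(overridden, "accepted by CE C:", ce_accepts(overridden))
    print("PE C prefers the path via site", pe_best_site(SITE_B_SUBNET_PATHS))
```

Both candidate paths reach CE C with the PE as next hop and only the provider ASN visible after the override, so the choice made on the PE cannot be read from the CE side.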

New Member

Re: MPLS - BGP

Thank both Experts for the excellent support.

New Member

Re: MPLS - BGP

Hi Anthony,

my answers inline:

>Question : 1
>can I route Email/Application traffic from C to A and Voice/Intranet traffic from C to B

>(((((  without MPLS Service provider involvement    ))))

No, unless you don't build GRE tunnels and run an IGP over them


>Question: 2

>How do I manage the traffic from A to B to take Fiber as the Primary connection and MPLS connection as Backup route.

>MPLS will be backdoor ; how to control routes entering and exiting on "A" and "B"

Just configure OSPF over the backdoor link. The routes that are redistributed from BGP to OSPF on A, won't be redistributed back to BGP in C because of the automatic checks on the tags C will do.

This way between A and C you'll use the backdoor link.

Best regards,

Antonio

New Member

Re: MPLS - BGP

Hi

As per Cisco SE  "When you got more than one mutual redistribution point then you need to filter the updates either using TAG or other methods"

I would like to clear one basic question, "When do mutual redistribution is needed"

Lets take an example

HQ connects to Branch-Office using service Provider MPLS Cloud

  • HQ is hosting all Services Email / Application / Intranet-Portals.
  • Branch offices gets all its services from HQ
  • At Branch office there is Domain controllers,Backup_Servers which needs to replicate with domain controllers at HQ
  • Admin in HQ needs to access Servers/Users Pcs in Branch_Offices for Troubleshooting and Maintenance.

For the above needs do I need to have Mutual Redistribution.

For LAN OSPF is used as routing Protocol

For WAN BGP is used as routing protocol ( config is provided by SP )

Here is a sample config of Service_provider

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ip address 172.31.31.138 255.255.255.252
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 neighbor 172.31.31.137 remote-as 65000
 no auto-summary

{ Neighbor 172.31.31.137  - Service Provider next hop }
