BGP Design Question - BGP Redistribute-Internal

I am working on a new wires only MPLS solution for our WAN connectivity.

We will be sourcing 2 x links from the ISP (BT) and we will be managing the CE routers.

We have labbed up a scenario where our CE routers are running AS65410 and peering to the ISP with 64510

I then wanted to redistribute the routes into OSPF but it didn't work.

This is caused by BGP loop prevention and can be overcome by putting bgp redistribute-internal in the bgp process.

My question is would this be a problem in our design?

Should we just be peering to the ISP with a different private AS, so make them an eBGP peer instead of an iBGP peer?

I am just looking around for some best practice BGP design docs on this scenario.

We have purchased two links and will be traffic engineering over both of them, but before I go any further I just wanted to get some confirmation on this design.

Thanks

Roger

 

Comments

  • We have labbed up a scenario where our CE routers are running AS65410 and peering to the ISP with 64510

     

    65410 != 64510. Must be a typo?

     

    Have you checked with the ISP first? My impression is most of them are unwilling to have a cozy iBGP peering with their customers.

  • Will you be receiving a full table from them? Can you run BGP on the non-CE router that you have in your diagram? If so, I would peer iBGP between your 2 CE routers and that device. Then you can redistribute into OSPF from the 1 non-CE device into the rest of your network. 

     

  • Hi,

    Usually we configure an eBGP peering with an ISP which is providing intranet carrier service. If you have different AS numbers to connect your ISPs, it will be easier to perform route filtering for incoming & outgoing traffic using various BGP tools. So, for this design, I suggest you go for an eBGP session with your service provider.

    If you need to redistribute an IGP into the BGP domain, you need redistribute-internal keyword in the iBGP domain which doesn't affect & cause any kind of loop but still I recommend you to go for eBGP peering with your ISPs. 

    Good luck!

  • Hi Roger

     

    I would definitely check if this is eBGP and not iBGP.  Using redistribute-internal in BGP is dangerous and switched off by default for good reason.  

     

    The reason being is that iBGP uses an AD of 200 by default and therefore will be trumped by all IGPs, RIP and even externals (EIGRP AD 170 > iBGP 200).  So you can end up with suboptimal routing which can lead to a loop (Brian Dennis <3).  If you look at your design above and configure iBGP then redistribute internal on only one of them the second CE device will prefer the IGP routes rather than the iBGP routes from the provider.  What you can end up with is the router redistributing iBGP > IGP eventually learns those routes back from the IGP, this results in iBGP withdrawing the redistribution which withdraws it from the IGP so it then drops the route and the cycle repeats.  If you absolutely must use redistribute-internal because this is an iBGP to the provider then you should do some admin distance manipulation on those CE devices.  Either make iBGP a distance of 20 or modify distance based on the peers you are learning the routes from but beware of the above.

     

    Nick
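
The administrative-distance interaction described in the post above, as an added example that is not part of the original thread: a simplified, synchronous model of one prefix on two CE routers, showing the flap at iBGP AD 200, the suboptimal-but-stable case when only one CE redistributes, and the stable case at AD 20. The names `simulate`, `is_stable`, `CE1` and `CE2` are assumptions made for the illustration; real routers converge asynchronously.

```python
# Simplified model of one provider prefix on two CE routers (constructed example).
OSPF_AD = 110  # Cisco default administrative distance for OSPF


def simulate(ibgp_ad, redistributors, rounds=6):
    """Return the RIB winner per CE for each round, e.g. [{'CE1': 'bgp', ...}, ...].

    Both CEs always hold an iBGP path to the prefix from the provider.
    A CE listed in `redistributors` injects the prefix into OSPF only while
    the BGP path is the one installed in its RIB.
    """
    ces = ("CE1", "CE2")
    advertising = set()  # CEs whose OSPF external route is currently flooded
    history = []
    for _ in range(rounds):
        rib = {}
        for ce in ces:
            candidates = [(ibgp_ad, "bgp")]
            # An OSPF path exists only if the other CE is advertising the prefix.
            if any(other in advertising for other in ces if other != ce):
                candidates.append((OSPF_AD, "ospf"))
            rib[ce] = min(candidates)[1]  # lowest administrative distance wins
        history.append(rib)
        # Redistribution follows the RIB: no BGP route installed, nothing to inject.
        advertising = {ce for ce in redistributors if rib[ce] == "bgp"}
    return history


def is_stable(history):
    """True if the last two rounds agree, i.e. the RIBs stopped changing."""
    return history[-1] == history[-2]


if __name__ == "__main__":
    cases = {
        "iBGP AD 200, both CEs redistribute": (200, {"CE1", "CE2"}),
        "iBGP AD 200, only CE1 redistributes": (200, {"CE1"}),
        "iBGP AD 20, both CEs redistribute": (20, {"CE1", "CE2"}),
    }
    for label, (ad, redis) in cases.items():
        h = simulate(ad, redis)
        print(f"{label}: stable={is_stable(h)}")
        for n, rib in enumerate(h):
            print(f"  round {n}: {rib}")
```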

     

     

  • I just realised the picture has been chopped on the post?

    I am working through many options and they all seem valid.

    This is a private MPLS and will have no internet routing table.

    I will get a better diagram done, but just looking for some valid designs of dual homing to one ISP through 2 local routers.

    I think I need to peer iBGP between my 2 local on site routers (CE routers) and then eBGP to the 2 ISP routers.

    I will then control the traffic by matching it and adjusting local pref and MED where appropriate.

    Roger

  • JoeMJoeM ✭✭✭

    I just realised the picture has been chopped on the post?

    Hi Roger,

    Edit your post, and drag a corner on the image.  This will allow you to shrink the size to fit the post.

  •  

    Hi,

    As suggested, the best solution is E-BGP with your ISP (BT). With this solution you can filter outgoing and incoming traffic.

    Presuming that Provider AS = 65410 and your AS=65016 for example.

    So let me give some details here:

    - E-BGP peering with your ISP (PE)

    - I-BGP peering between ISP routers CE ( peering with loopback i.e update-source loo0)

    - I-BGP between your CE ( peering with loopback i.e update-source loo0)

    - Adjust the incoming traffic with AS-PREPEND to the E-BGP peer

    - Adjust the outgoing traffic with Local preference for all I-BGP peers

     

    On your primary CE, configure this:

    ip prefix-list PREF-FROM-ISP permit X.X.X.X/X
    route-map LOCAL-PREF permit 10
     match ip address prefix-list PREF-FROM-ISP
     set local-preference 200
    !
    router bgp 65016
     neighbor @IP-ISP route-map LOCAL-PREF in
    !
    router ospf X
     redistribute bgp 65016 subnets match external internal metric-type 1
    !

    On the secondary CE:

    route-map AS-PREPEND permit 10
     set as-path prepend 65016 65016 65016
    !
    router bgp 65016
     neighbor @IP-ISP route-map AS-PREPEND out
    !
    router ospf X
     redistribute bgp 65016 subnets match external internal metric-type 1
    !

    On the ISP primary PE:

    ip prefix-list PREF-FROM-CUST permit X.X.X.X/X
    route-map LOCAL-PREF permit 10
     match ip address prefix-list PREF-FROM-CUST
     set local-preference 200
    !
    router bgp 65410
     neighbor @IP-CUST route-map LOCAL-PREF in
    !

    On the secondary ISP PE:

    route-map AS-PREPEND permit 10
     set as-path prepend 65410 65410 65410
    !
    router bgp 65410
     neighbor @IP-CUST route-map AS-PREPEND out
    !

  • The proposal from kalmogo looks fine, and how I normally do it. But I only control traffic on the CE, not on the PE, making this even simpler.

     

    CE primary:

    set high local preference on prefix received from PE.

    route-map LOCAL-PREF permit 10
     set local-preference 200
    !
    router bgp 65016
     neighbor @IP-ISP route-map LOCAL-PREF in

    CE secondary:

    advertise with a longer as-path (prepend)

    route-map AS-PREPEND permit 10
     set as-path prepend 65016 65016 65016
    !
    router bgp 65016
     neighbor @IP-ISP route-map AS-PREPEND out

    Between the two CEs: an iBGP peering, with next-hop-self configured

    By not having any engineering config on the PE, we can easily swap traffic and use secondary without involving ISP (BT)

    I would also ask BT for what AS# to use. This will be an eBGP

     
