iBGP redistribution

Hello Engineers,

I wanted to see if anyone can assist me in the situation I have. Basically we have an RTBH (Remotely Triggered Black Hole) setup, and we're learning routes (Bad-IP's, Public IP's that is) from our Sister Company via an iBGP peer. Now we would like to redistribute these learned routes to our other sites. I understand that we cannot redistribute an iBGP learned route to another iBGP neighbor (BGP Loop Mechanism). So I would like to ask what would be the best possible way or ideas of sending these learned iBGP routes to other remote sites possibly with iBGP (if possible). Thank You and hoping to hear from you guys! :smile:

Comments

  • True, we cannot redistribute an iBGP learned route to another iBGP neighbor (BGP Loop Mechanism), but I would not call it "redistribute".
    Are we talking about true redistribution or just advertising or passing routes to iBGP?

    If there is a middle iBGP peer stopping those routes from being passed along, then use that middle iBGP peer as a route reflector. If there are more iBGP routers, then use confederation.
    If there could be just one direct link between 2 edge eBGP, then they will pass routes no problem.

  • Hello MartinLosik, Thank you for responding. Yes, I would like to redistribute/pass the same learned routes to another BGP neighbor. Let me re-phrase the scenario once more, maybe I wasn't clear enough in my previous comment (and I would like to apologize for that). We have a Router in our Main Data-Center (HUB) learning routes from an iBGP neighbor (sister company). I would like a way to redistribute these learned routes to our small offices (meaning we control/manage these remote sites' networking gear). Since the peering is via iBGP (with our sister company), my question was what are the ways I can redistribute these iBGP learned routes to our remote offices. The plan was to filter the learned routes and redistribute them (maybe even using a different AS#). I thought about the peer-group, but how do I tag these networks so I can redistribute them over to remote offices? Let me know if this still doesn't make sense.

  • When you said redistribute, it usually means from one protocol into another one. For example, from BGP into OSPF or EIGRP. Normally, design-wise, your spokes should be connected to the hub via some IGP like EIGRP or OSPF. If you use iBGP, it is probably for fine control of routes. Two options are:

    1. Just redistribute BGP into the IGP at the hub.
    2. If you run iBGP from hub to spokes, the hub must be a route reflector, or make your hub connection to the sister company eBGP.
  • Thank You once again Martin! :smile:

  • Looping back into this discussion. I've tried to lab this up, but it seems that the Cisco ASA is seeing the Route-Reflector as a neighbor, but it's not learning the routes that should be advertised by the route-reflector to the client (ASA). Here is a diagram showing how the topology is.

    Here is the config that I have between the route-reflector and the ASA 5585-X series Firewall:

    Route-Reflector:

    router bgp (1111)
    bgp router-id z.z.z.z
    bgp log-neighbor-changes
    neighbor x.x.x.x (unmanaged-router's IP address) remote-as 1111
    neighbor x.x.x.x (unmanaged-router's IP address) password <12345>
    neighbor x.x.x.x (unmanaged-router's IP address) version 4
    neighbor y.y.y.y (cisco ASA IP address) remote-as 1111
    neighbor y.y.y.y (cisco ASA IP address) version 4
    !
    address-family ipv4
    neighbor x.x.x.x activate
    neighbor y.y.y.y activate
    neighbor y.y.y.y route-reflector-client
    exit-address-family

    Cisco-ASA:

    router bgp 1111
    bgp log-neighbor-changes
    bgp router-id y.y.y.y
    address-family ipv4 unicast
    neighbor r.r.r.r (Route-Reflector IP Address) remote-as 1111
    neighbor r.r.r.r activate
    no auto-summary
    no synchronization
    exit-address-family

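The iBGP split-horizon rule and the route-reflector exception discussed in this thread, as an added example that is not part of any poster's comment: a small Python model of which routers end up with the sister company's RTBH prefixes. The router names (`sister`, `hub`, `spoke1`, `spoke2`) and the session map are constructed for illustration, and the model deliberately ignores best-path selection, ORIGINATOR_ID and CLUSTER_LIST.

```python
# Added example: simplified model of iBGP advertisement rules (RFC 4456).
# Topology and names are constructed; they are not taken from the thread.

# iBGP sessions in a hub-and-spoke layout (every session is listed both ways).
SESSIONS = {
    "sister": ["hub"],
    "hub": ["sister", "spoke1", "spoke2"],
    "spoke1": ["hub"],
    "spoke2": ["hub"],
}

def should_advertise(learned_from, send_to, rr_clients):
    """May a router pass an iBGP-learned route on to another iBGP peer?

    rr_clients is the set of peers marked route-reflector-client on it.
    """
    if learned_from == send_to:
        return False              # never send a route back to its source
    if learned_from in rr_clients:
        return True               # client route: reflect to every other peer
    return send_to in rr_clients  # non-client route: reflect to clients only

def routers_with_route(origin, sessions, rr_clients_by_router):
    """Return the set of routers that learn a route originated at `origin`."""
    learned = {origin: None}      # router -> peer it learned the route from
    queue = [origin]
    while queue:
        router = queue.pop(0)
        source = learned[router]
        clients = rr_clients_by_router.get(router, set())
        for peer in sessions.get(router, ()):
            if peer in learned:
                continue
            # The originator advertises to all peers; others follow the rule.
            if source is None or should_advertise(source, peer, clients):
                learned[peer] = router
                queue.append(peer)
    return learned.keys() | set()

if __name__ == "__main__":
    print("plain iBGP:   ", sorted(routers_with_route("sister", SESSIONS, {})))
    rr = {"hub": {"spoke1", "spoke2"}}
    print("hub as RR:    ", sorted(routers_with_route("sister", SESSIONS, rr)))
```

With no route-reflector clients the prefixes stop at the hub; marking the spokes as clients on the hub lets them through, which is the behaviour to verify per neighbor when a client sees the session up but no routes.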