aryoba
MVM
join:2002-08-22

aryoba to yaplej

Re: Route distribution for dual WAN

said by yaplej:

said by aryoba:

Are you referring to the DC1-ROUTER1 and DC2-ROUTER1 when you say ROUTER1 that has OSPF default-information origin?

Yes. DC1-ROUTER1 and DC2-ROUTER1 are both running default-info-orig in both OSPF and BGP.

They provide a default route to/from the local OSPF network and to/from the BGP network. So if the default route from OSPF is lost ROUTER1 will advertise the default route coming from the other site from BGP to the local OSPF network so devices can still get out to the Internet through the remote DC.

I don't think this is a good design since the "default route" pointing through the MPLS BGP network is not really default gateway. A default gateway should be pointing to outside network (i.e. the Internet) or be pointing to non-local network. Remote sites' IP addresses are not outside network, they are still "known" networks.

Are you doing BGP peering with the MPLS provider routers? If yes, then you should receive BGP route advertisement from them regarding networks of remote sites. When this is the case, you should never put static routes on the ROUTERs to reach remote sites since the ROUTERs receive the remote site IP addresses dynamically via BGP. In other words, you would only receive default gateway (the IP address of 0.0.0.0) from the ISP router (iNet).

yaplej
Premium Member
join:2001-02-10
White City, OR

said by aryoba:

I don't think this is a good design since the "default route" pointing through the MPLS BGP network is not really default gateway. A default gateway should be pointing to outside network (i.e. the Internet) or be pointing to non-local network. Remote sites' IP addresses are not outside network, they are still "known" networks.

It's probably not the best way to do it but if our Internet connection goes down it was how I could get the Internet traffic routed to the other connection. There is a default route out both sites.

said by aryoba:

Are you doing BGP peering with the MPLS provider routers? If yes, then you should receive BGP route advertisement from them regarding networks of remote sites. When this is the case, you should never put static routes on the ROUTERs to reach remote sites since the ROUTERs receive the remote site IP addresses dynamically via BGP. In other words, you would only receive default gateway (the IP address of 0.0.0.0) from the ISP router (iNet).

DC1-ROUTER1, DC2-ROUTER2 and OFFICE routers all peer with the MPLS provider routers. The only place we have static routes is the EDGE routers pointing to the Internet (iNet).

When distributing OSPF into BGP and BGP into OSPF at DC1-ROUTER1 and DC2-ROUTER1 the default route was not being included. That's why I had to turn on default-info-orig on each routing protocol so when one of the Internet connections went down Internet traffic would begin flowing through the MPLS network to the other site and out the other Internet connection. Tested this several times actually.

aryoba
MVM
join:2002-08-22

said by yaplej:

said by aryoba:

I don't think this is a good design since the "default route" pointing through the MPLS BGP network is not really default gateway. A default gateway should be pointing to outside network (i.e. the Internet) or be pointing to non-local network. Remote sites' IP addresses are not outside network, they are still "known" networks.

It's probably not the best way to do it but if our Internet connection goes down it was how I could get the Internet traffic routed to the other connection. There is a default route out both sites.

said by aryoba:

Are you doing BGP peering with the MPLS provider routers? If yes, then you should receive BGP route advertisement from them regarding networks of remote sites. When this is the case, you should never put static routes on the ROUTERs to reach remote sites since the ROUTERs receive the remote site IP addresses dynamically via BGP. In other words, you would only receive default gateway (the IP address of 0.0.0.0) from the ISP router (iNet).

DC1-ROUTER1, DC2-ROUTER2 and OFFICE routers all peer with the MPLS provider routers. The only place we have static routes is the EDGE routers pointing to the Internet (iNet).

When distributing OSPF into BGP and BGP into OSPF at DC1-ROUTER1 and DC2-ROUTER1 the default route was not being included. That's why I had to turn on default-info-orig on each routing protocol so when one of the Internet connections went down Internet traffic would begin flowing through the MPLS network to the other site and out the other Internet connection. Tested this several times actually.

If I'm not mistaken, it sounds like you need to do manual configuration on DC-ROUTERs when there is an outage, which include static route (default gateway) implementation and have OSPF on DC-ROUTERs announce it using the default-information originate command. Am I correct?

Some clarification; what is the MPLS BGP AS number? Is it the same 65001 as your current DC1 AS number? Or else?

The Metro-E fiber between DC1 and DC2; and the EoC to remote offices are not in place yet, correct?

yaplej
Premium Member
join:2001-02-10
White City, OR

said by aryoba:

If I'm not mistaken, it sounds like you need to do manual configuration on DC-ROUTERs when there is an outage, which include static route (default gateway) implementation and have OSPF on DC-ROUTERs announce it using the default-information originate command. Am I correct?

No, the DC-ROUTERs don't need manually reconfigured in an outage.

First each DC-EDGE router advertises its static default route to the Internet into OSPF via default-info-orig. This is the preferred default route for the local OSPF area 0.

The DC-ROUTERs advertise the default route from the local OSPF area 0 via default-info-orig a default route into BGP with DC1-ROUTER taking preference due to the community 90 added to DC2-ROUTER.

At this point the DC-ROUTERs are both receiving two default routes, first one from OSPF via DC-EDGE and second from BGP via other DC-ROUTER that is just a redistribution from the local OSPF default route via DC-EDGE. In both cases the default route is ultimately from one of the DC-EDGE routers.

Then the DC-ROUTERs distribute the default route they receive from BGP into OSPF as an E2 route so the local OSPF route from DC-EDGE takes preference.

When there are any problems with the circuit from either DC-EDGE it stops advertising the default route so the E2 route from DC-ROUTER automatically routes traffic destined to the Internet through the other DC.

said by aryoba:

what is the MPLS BGP AS number.

Our provider's public ASN ###. Not a private ASN.

said by aryoba:

The Metro-E fiber between DC1 and DC2; and the EoC to remote offices are not in place yet, correct?

Correct. They are not in place.

As mentioned I agree that the best thing to do at this point is assign all our sites a unique private ASN and run BGP on both WANs. With both WANs running BGP we can route our traffic as needed.

What can be done about the "CORE" routing? We are limited to an OSPF only core right now so there has to be some redistribution between BGP/OSPF at the DC-ROUTERs. Rather than redistributing OSPF to BGP and BGP to OSPF perhaps just network statements to OSPF and BGP? I am not sure if BGP/OSPF would advertise a network statement if that network were not directly connected but just a route from another routing protocol.

I think we might need to keep the BGP admin distance set to 115 to prevent routing loops between DC-ROUTER1 and DC-ROUTER2. Without that it would prefer the BGP route to/from each other over delivering the traffic to OSPF where the destination network ultimately resides.
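
Added example (not part of the original post or the poster's configuration): a small Python model of the default-route choice on the two DC-ROUTERs, comparing the Cisco IOS default eBGP distance of 20 with the 115 mentioned in the post. The edge names DC1-EDGE and DC2-EDGE, the single-hop MPLS cloud, and the rule that a site only originates a BGP default while its own edge is up are simplifying assumptions.

```python
# Added illustration (simplified model, not router configuration).
# Cisco IOS default administrative distances: OSPF 110, eBGP 20.
# 115 is the tuned BGP distance quoted in the post.
OSPF_AD, EBGP_DEFAULT_AD, EBGP_TUNED_AD = 110, 20, 115

PEER = {"DC1-ROUTER1": "DC2-ROUTER1", "DC2-ROUTER1": "DC1-ROUTER1"}
EDGE = {"DC1-ROUTER1": "DC1-EDGE", "DC2-ROUTER1": "DC2-EDGE"}  # assumed names


def default_candidates(router, edge_up, bgp_ad):
    """(distance, protocol, next_hop) for every 0.0.0.0/0 the router hears."""
    routes = []
    if edge_up[EDGE[router]]:
        # Local edge originates the default into OSPF area 0.
        routes.append((OSPF_AD, "ospf", EDGE[router]))
    if edge_up[EDGE[PEER[router]]]:
        # Assumption: the peer only originates a BGP default while its own
        # edge is up, and the MPLS cloud is treated as a single hop.
        routes.append((bgp_ad, "bgp", PEER[router]))
    return routes


def trace_default(start, edge_up, bgp_ad):
    """Follow the best default hop by hop; return (path, outcome)."""
    path, router = [start], start
    while True:
        routes = default_candidates(router, edge_up, bgp_ad)
        if not routes:
            return path, "blackhole"
        _, protocol, next_hop = min(routes)  # lowest distance wins
        path.append(next_hop)
        if protocol == "ospf":
            return path, "internet"
        if path.count(next_hop) > 1:
            return path, "loop"
        router = next_hop


if __name__ == "__main__":
    both_up = {"DC1-EDGE": True, "DC2-EDGE": True}
    dc1_down = {"DC1-EDGE": False, "DC2-EDGE": True}
    for ad in (EBGP_DEFAULT_AD, EBGP_TUNED_AD):
        for label, state in (("both up", both_up), ("DC1 edge down", dc1_down)):
            print(ad, label, trace_default("DC1-ROUTER1", state, ad))
```

In this model the failover path works at either distance; the difference shows up in steady state, where a BGP distance below OSPF's 110 makes each DC-ROUTER hand Internet traffic to the other.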
aryoba
MVM
join:2002-08-22

First of all, thanks for clarification on how your current network design works.

said by yaplej:

As mentioned I agree that the best thing to do at this point is assign all our sites a unique private ASN and run BGP on both WANs. With both WANs running BGP we can route our traffic as needed.

Good decision. If you haven't done much of BGP work, then this is gonna be a good starting project.

said by yaplej:

Rather than redistributing OSPF to BGP and BGP to OSPF perhaps just network statements to OSPF and BGP?

I would agree to use the network commands under the router bgp configuration to advertise local networks off to other sites. With the network command, you have more control of which network should be advertised, compared to OSPF-to-BGP redistribution. Further, the use of the network command states that the networks you advertise via BGP are considered local (coming from internal network) from BGP perspective by default, hence it would appear with i in BGP table.

said by yaplej:

I am not sure if BGP/OSPF would advertise a network statement if that network were not directly connected but just a route from another routing protocol.

From BGP perspective, it does not matter if the networks you advertise via BGP are connected directly, are stated as static routes in the local router, or are advertised from a "local" dynamic routing protocol (in your case, the local OSPF). All of these from BGP perspective are considered internal. As long as the networks are in the local routing table, BGP would advertise them.

said by yaplej:

What can be done about the "CORE" routing? We are limited to an OSPF only core right now so there has to be some redistribution between BGP/OSPF at the DC-ROUTERs.

As a note that you still have to have local routing in place (whether as directly connected, static routes, or in your case OSPF) to maintain connectivity between your core switches and the DC-ROUTERs even when you run BGP internally. Since your core switches are only speaking OSPF, then you can keep maintaining the same OSPF domain between the DC-EDGE, DC-ASA, CORE, and DC-ROUTER.

Since your DC-EDGE and DC-ASA are considered outside network compared to CORE and DC-ROUTER, I would suggest to place the DC-EDGE and DC-ASA as their own OSPF area while you can keep CORE and DC-ROUTER as Area 0. The DC-ASA would then be ABR.

With this area segregation, you can do some network summarization so that the outside network doesn't have to see every little network you have internally. Similarly, the DC-ROUTER does not have to see every little network you have on the outside network with network summarization.

said by yaplej:

I think we might need to keep the BGP admin distance set to 115 to prevent routing loops between DC-ROUTER1 and DC-ROUTER2. Without that it would prefer the BGP route to/from each other over delivering the traffic to OSPF where the destination network ultimately resides.

When you have different BGP AS between DC1, DC2, MPLS cloud, and remote sites; by default BGP route would prefer path with least hop (as the attribute of BGP being Path-Vector routing protocol). Therefore you don't need to change the default BGP administrative distance unless you are running BGP with non-Cisco devices that have different administrative distance by default than the Cisco devices.