[c-nsp] Changing from iBGP to eBGP - Again
Mark Tohill
Mark at u.tv
Thu Jul 7 12:50:41 EDT 2005
Oliver,
Below is the config of our primary box.
Thoughts/Questions:
1. When we amend the AS no. in the neighbor statement, we will need to
the ebgp-multihop since we will not be directly connected to our
provider's ebgp routers.??
2. The OSPF is for the provider's benefit, so they see their loopback
interfaces.
Thanks
Mark
Config posted:
172.16. - Providers POP1 space
172.17. - Providers POP2 space
192.168. - Our address space from /16.
---------------------------------------
interface Loopback0
 ip address 172.16.31.181 255.255.255.255
!
interface Loopback1
 ip address 172.17.212.17 255.255.255.255
!
interface FastEthernet0/0
 description
 ip address 192.168.2.60 255.255.255.128 secondary
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
 duplex full
 speed 100
 no cdp enable
 standby 1 ip 192.168.1.24
 standby 1 ip 192.168.2.1 secondary
 standby 1 priority 150
 standby 1 preempt
 standby 1 track POS2/0 70
 hold-queue 1000 in
!
interface ATM1/0
 description
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 hold-queue 1000 in
!
interface ATM1/0.2 point-to-point
 description link to PoP2
 bandwidth 10000
 ip address 172.16.31.170 255.255.255.252
 ip access-group 125 in
 pvc 0/32
  encapsulation aal5snap
!
interface POS2/0
 description UPSTREAM PROVIDER
 ip address 172.17.211.226 255.255.255.252
 clock source internal
 pos framing sdh
!
router ospf 10
 log-adjacency-changes
 passive-interface ATM1/0.2
 passive-interface FastEthernet0/0
 network 172.16.31.181 0.0.0.0 area 0
 network 172.17.211.224 0.0.0.3 area 0
!
router bgp <PROVIDER ASN>
 no synchronization
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.0.0
 network 192.168.0.0 mask 255.255.252.0
 network 192.168.4.0
 network 192.168.7.0
 network 192.168.1.0 mask 255.255.248.0
 network 192.168.16.0 mask 255.255.252.0
 network 192.168.21.0
 network 192.168.2.0
 network 192.168.32.0 mask 255.255.224.0
 <neighbor list truncated for brevity...>
 neighbor 172.16.30.65 remote-as <PROVIDER ASN>
 neighbor 172.16.30.65 ebgp-multihop 255
 neighbor 172.16.30.65 update-source Loopback1
 neighbor 172.16.30.65 next-hop-self
 neighbor 172.16.30.65 route-map LOCALPREF_OUT out
 neighbor 172.16.30.65 password <removed>
 neighbor 172.16.30.66 remote-as <PROVIDER ASN>
 neighbor 172.16.30.66 ebgp-multihop 255
 neighbor 172.16.30.66 update-source Loopback1
 neighbor 172.16.30.66 next-hop-self
 neighbor 172.16.30.66 route-map LOCALPREF_OUT out
 neighbor 172.16.30.66 password <removed>
 neighbor 172.16.31.182 remote-as <PROVIDER ASN>
 neighbor 172.16.31.182 update-source Loopback1
 neighbor 172.16.31.182 next-hop-self
 neighbor 172.16.31.182 route-map LOCALPREF_OUT out
 neighbor 172.16.31.182 password <removed>
 neighbor 172.16.31.183 remote-as <PROVIDER ASN>
 neighbor 172.16.31.183 update-source Loopback1
 neighbor 172.16.31.183 next-hop-self
 neighbor 172.16.31.183 route-map LOCALPREF_OUT out
 neighbor 172.16.31.183 password <removed>
 neighbor 172.17.196.251 remote-as <PROVIDER ASN>
 neighbor 172.17.196.251 update-source Loopback1
 neighbor 172.17.196.251 next-hop-self
 neighbor 172.17.196.251 route-map LOCALPREF_OUT out
 neighbor 172.17.196.251 password <removed>
 neighbor 172.17.196.252 remote-as <PROVIDER ASN>
 neighbor 172.17.196.252 update-source Loopback1
 neighbor 172.17.196.252 next-hop-self
 neighbor 172.17.196.252 route-map LOCALPREF_OUT out
 neighbor 172.17.196.252 password <removed>
 maximum-paths 2
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.211.225
.
.
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: 06 July 2005 18:15
To: Mark Tohill
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Changing from iBGP to eBGP - Again
so you have two routers per Pop, each of which needs to peer with one
provider router in the same pop? So you would end up with 4 eBGP
connections in total? And you have four routers in your own ASN which
speak BGP? If this is the case, you will have one eBGP peer and three
iBGP peers on every router:
router bgp <your-new-asn>
 no synch
 neighbor <prov-router-1> remote-as ISP-ASN
 neighbor <prov-router-1> prefix-list myownspace out
 neighbor IBGP-MESH peer-group
 neighbor IBGP-MESH remote-as <your-new-asn>
 neighbor IBGP-MESH update-source loopback0
 neighbor IBGP-MESH next-hop-self
 neighbor a.a.a.a peer-group IBGP-MESH
 neighbor b.b.b.b peer-group IBGP-MESH
 neighbor c.c.c.c peer-group IBGP-MESH
!
ip prefix-list myownspace permit x.x.x.x/16 le 24
all the "network" statements which you might currently use to advertise
the address ranges stay in place..
But without configs, this is only a somewhat educated guess..
oli
Mark Tohill <mailto:Mark at u.tv> wrote on Wednesday, July 06, 2005 6:55
PM:
> Oliver,
>
> Our current setup looks something like:
>
>
> PoP No.1 PoP No.2
> WAN
> |----------------------------------------|
>
> | |
> PriRouter ---LAN----- SecRouter PriRouter ---LAN---
> SecRouter | [HSRP] | |
> [HSRP] | | | |
> | ibgp ibgp ibgp
> ibgp | | |
> | | | | |
> ProviderRtr1---LAN----ProviderRtr2
> ProviderRtr1---LAN----ProviderRtr2
> | |
> | |
> ProviderRtrX ProviderRtrX
> | |
> | ----------------------------------------|
> WAN
>
> Provider Provider
> Pop No.1 Pop No.2
>
>
> I hope that makes sense!
>
> Following points:
> We announce chunk of our class B from each of our PoP's
> (non-contiguous)
>
> Neighbor relationships between us and provider are all iBGP
>
> We are not implementing route-reflectors, communities, confederations
> etc.,
> just have multiple neighbor statements, a lot of repetition. Probably
> about six ibgp neighbors per router.
>
> Synchronization not running
>
> Will I post configs....? :)
>
> Thanks
> Mark
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: 06 July 2005 16:50
> To: Mark Tohill; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Changing from iBGP to eBGP - Again
>
> Mark,
>
> it would be best if you pasted your current BGP config and topology so
> we know what you are doing today. I assume you have an iBGP peer to
> your upstream, and do route-reflector-client to your iBGP peers in
> order to reflect the upstream routes to them and vice versa.
> Changing this to an eBGP config should be easy, you wouldn't need
> RR-client configuration anymore, and you want to investigate
> next-hop-self on your iBGP peers (possibly not a requirement as you
> had to advertise the upstream's next-hop into your IGP previously).
>
> Or do you also need to change your ASN, so you'd need to touch all
> routers? This is a larger migration task than just change one
> neighbor..
>
> please clarify..
>
> oli
>
>
> Mark Tohill <> wrote on Wednesday, July 06, 2005 5:37 PM:
>
>> I realize this is probably against rules of list but I'm reposting
>> this during what seems a busy time.
>>
>>
>>
>> Any help appreciated.
>>
>>
>>
>> Thanks,
>>
>> Mark
>>
>> ________________________________
>>
>> From: Mark Tohill
>> Sent: 05 July 2005 11:32
>> To: cisco-nsp at puck.nether.net
>> Subject: Changing from iBGP to eBGP
>>
>>
>>
>> Hi,
>>
>>
>>
>> We're hoping to change our setup with our sole up-stream provider
>> (peered with them across 2 x PoPs) from iBGP to eBGP. We hope this
>> will give us more flexibility and control in the future
>>
>>
>>
>> - we accept the full routing table.
>>
>> - advertise non-contiguous (!!!) portions of our address
>> space from each of our PoP's.
>>
>> - already secured our own ASN from RIPE.
>>
>> - have out-of-date route objects in RIPE which we are hoping
>> to amend. (or our provider, they maintain them)
>>
>> - hope to request this change fairly soon.
>>
>>
>>
>>
>>
>> Has anyone out there hands-on experience of same/similar?
>>
>>
>>
>> Apart from neighbor configuration (remote-as etc...), are there any
>> other major config changes?
>>
>>
>>
>> Are there any potential pitfalls?
>>
>>
>>
>> Thanks,
>>
>> Mark
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
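
Added example, not part of the thread: a pre-migration check that runs the posted "network" statements through the outbound filter suggested in the reply (`permit x.x.x.x/16 le 24`), so that only the customer's own space, and none of the full table received from the upstream, can be sent over the new eBGP session. It assumes 192.168.0.0/16 (the sanitised range from the post) stands in for x.x.x.x/16 and that mask-less statements take the classful mask; the function names are illustrative.

```python
import ipaddress
import re

# "network" statements copied from the posted config (addresses as sanitised by the poster)
POSTED = """\
network 192.168.0.0 mask 255.255.0.0
network 192.168.0.0 mask 255.255.252.0
network 192.168.4.0
network 192.168.7.0
network 192.168.1.0 mask 255.255.248.0
network 192.168.16.0 mask 255.255.252.0
network 192.168.21.0
network 192.168.2.0
network 192.168.32.0 mask 255.255.224.0
"""

def classful_len(addr):
    """Prefix length assumed when 'mask' is omitted (classful boundary)."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_networks(config):
    """Yield (address, prefix_length) for each BGP network statement."""
    for m in re.finditer(r"^\s*network (\S+)(?: mask (\S+))?\s*$", config, re.M):
        addr, mask = m.groups()
        plen = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen if mask else classful_len(addr)
        yield addr, plen

def prefix_list_permits(addr, plen, entry="192.168.0.0/16", le=24):
    """'permit <entry> le <le>': address inside entry, entry length <= plen <= le."""
    base = ipaddress.ip_network(entry)
    return ipaddress.ip_address(addr) in base and base.prefixlen <= plen <= le

def audit(config):
    """Return {prefix: 'permit' | 'deny' | 'misaligned'} for each network statement."""
    out = {}
    for addr, plen in parse_networks(config):
        try:
            ipaddress.ip_network(f"{addr}/{plen}")   # strict: raises if host bits are set
            verdict = "permit" if prefix_list_permits(addr, plen) else "deny"
        except ValueError:
            verdict = "misaligned"                   # address not on the mask boundary
        out[f"{addr}/{plen}"] = verdict
    return out

if __name__ == "__main__":
    for prefix, verdict in audit(POSTED).items():
        print(f"{prefix:20} {verdict}")
    print(f"{'10.0.0.0/8':20}", "permit" if prefix_list_permits("10.0.0.0", 8) else "deny")
```

The 10.0.0.0/8 line is a constructed stand-in for a route learned from the upstream. Because the posted addresses are sanitised, a "misaligned" verdict needs checking against the real prefixes before the change window.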