[c-nsp] BGP <-> OSPF default route failover
Nick Griffin
nick.jon.griffin at gmail.com
Sun Feb 1 11:06:13 EST 2009
As he mentioned above, I don't believe he will be receiving a default route
from the service provider that he can pass in via redistribution, so an
option available is to use the BGP "default-information originate route-map"
command he mentioned. I've used this in combination with IP SLA probes and
tracking recently to get the conditional announcement, and base it upon
upstream reachability, since in my case it's rare that line protocol on the
ISP circuit goes down since there is on-site service provider switching
equipment. I've used ICMP probes for this, but those tend to get dropped
from time to time; I've found a TCP connect probe to port 80 on some well
known web sites seems to work pretty well, at least for me. What I did was
tie up a bogus static route to a particular IP address and tie an SLA TCP
connect to this; this static route is then referenced by the
default-information route map, so when the TCP connect fails, BGP pulls the
default route out. It looked like this:
!
!
track 2 rtr 2 reachability
 delay down 10 up 120
!
!
!
router bgp 65501
 no synchronization
 bgp router-id 10.255.255.254
 bgp log-neighbor-changes
 neighbor 10.255.255.252 remote-as 65500
 neighbor 10.255.255.252 description *** eBGP Peering to HQ Switch 1 ***
 neighbor 10.255.255.252 password 7 supersekret
 neighbor 10.255.255.252 ebgp-multihop 2
 neighbor 10.255.255.252 update-source Loopback0
 neighbor 10.255.255.252 default-originate route-map CONDITIONAL_DEFAULT_ORIGINATE
 neighbor 10.255.255.252 soft-reconfiguration inbound
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 Null0 name Used_For_BGP_Default_Originate_DO_NOT_REMOVE track 2
ip route 0.0.0.0 0.0.0.0 upstreamisp
!
!
!
ip prefix-list TRACKED_ROUTE seq 5 permit 1.1.1.1/32
!
ip sla logging traps
ip sla schedule 1 life forever start-time now
ip sla 2
 tcp-connect 209.191.93.52 80 source-ip myipaddress source-port 52142 control disable
 timeout 5000
 frequency 10
ip sla reaction-configuration 2 react timeout threshold-type consecutive 2 action-type trapOnly
ip sla schedule 2 life forever start-time now
!
!
route-map CONDITIONAL_DEFAULT_ORIGINATE permit 10
 match ip address prefix-list TRACKED_ROUTE
Keep in mind, if you have iBGP adjacencies between the two routers, and
one of the routers is losing its eBGP default route, and is now preferring
that default route via iBGP via the internal peering AND doing
redistribution into an IGP, i.e. OSPF, then you must use the BGP redistribute
internal BGP process-level command. This is in specific scenarios.
HTH,
Nick Griffin
On Sat, Jan 31, 2009 at 12:50 PM, Pete S. <pshuleski at gmail.com> wrote:
> I'd imagine you aren't completely redistributing your BGP tables into
> OSPF, and from your diagram I'll assume you are doing iBGP between
> your edge routers already. So build a prefix list, and route-map,
> which permits only the default route from BGP. Redistribute the BGP
> process into OSPF, based on that route-map, as an E1 type. This will
> put the default into your OSPF area, and traffic will flow towards the
> closest exit. If you'd rather a primary/secondary, use the OSPF E2 type
> and assign a large metric to your secondary.
>
> I haven't checked the syntax, but this should probably point you in
> the right direction.
>
> !On your BGP routers
> !
> ip prefix-list bgp_default->ospf seq 5 permit 0.0.0.0/0
> ip prefix-list bgp_default->ospf seq 100 deny 0.0.0.0/0 ge 1 le 24
> !
> route-map bgp->ospf permit 10
>  match ip address prefix-list bgp_default->ospf
> !
> router ospf 100
>  ! I assign an arbitrary site ID, and then prepend my AS onto it but whatever suits you, tag is optional
>  ! select your own metric-type and metric depending on the exit behavior you want.
>  redistribute bgp 65535 metric-type 2 metric 100 tag 6553501 route-map bgp->ospf
> !
> !
>
>
>
> --Pete
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
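
Added example, not part of the original thread or the posters' own code: the conditional default in Nick's configuration only works while every link in the chain (default-originate, route-map, prefix-list, tracked static route, track object, scheduled IP SLA probe) is present, so this Python sketch walks that chain in a saved config and reports the first missing link. It assumes the IOS syntax shown in the post (plus the newer "track N ip sla M" form) and one-space indentation of sub-commands; check_chain and find are hypothetical helper names.

```python
import ipaddress
import re

# Constructed input: the chain-relevant lines of the configuration in the post, unwrapped.
SAMPLE = """\
track 2 rtr 2 reachability
router bgp 65501
 neighbor 10.255.255.252 default-originate route-map CONDITIONAL_DEFAULT_ORIGINATE
ip route 1.1.1.1 255.255.255.255 Null0 name Used_For_BGP_Default_Originate_DO_NOT_REMOVE track 2
ip prefix-list TRACKED_ROUTE seq 5 permit 1.1.1.1/32
ip sla 2
ip sla schedule 2 life forever start-time now
route-map CONDITIONAL_DEFAULT_ORIGINATE permit 10
 match ip address prefix-list TRACKED_ROUTE
"""

def find(pattern, lines):  # first capture group of every line matching pattern
    return [m.group(1) for m in (re.match(pattern, line) for line in lines) if m]

def check_chain(config):
    """List the broken links between default-originate and its SLA probe."""
    lines, section, problems = [], "", []
    for raw in config.splitlines():  # prefix each sub-command with its section header
        if raw.startswith(" "):
            lines.append(section + " | " + raw.strip())
        elif raw.strip("! "):
            lines.append(section := raw.strip())
    rmaps = find(r".* \| neighbor \S+ default-originate route-map (\S+)", lines)
    if not rmaps:
        problems.append("no default-originate route-map configured")
    for rmap in rmaps:
        plists = find(rf"route-map {re.escape(rmap)} permit \d+ \| match ip address prefix-list (\S+)", lines)
        prefixes = [p for pl in plists for p in find(rf"ip prefix-list {re.escape(pl)} .*permit (\S+)", lines)]
        if not prefixes:
            problems.append(f"route-map {rmap} matches no permitted prefix")
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix, strict=False)
            route = re.escape(f"ip route {net.network_address} {net.netmask} ")
            tracks = find(r".* track (\d+)", find(rf"({route}.*)", lines))
            if not tracks:
                problems.append(f"no tracked static route for {prefix}")
            for t in tracks:
                slas = sorted(set(find(rf"track {t} (?:rtr|ip sla) (\d+)", lines)))
                if not slas:
                    problems.append(f"track {t} is not tied to an SLA probe")
                for s in slas:
                    for cmd in (f"ip sla {s}", f"ip sla schedule {s}"):
                        if not find(rf"({cmd})( |$)", lines):
                            problems.append(f"'{cmd}' is missing")
    return problems
```

An empty list means the chain is intact; a static route without its track keyword is the case to watch for, because the default would then be announced regardless of upstream reachability.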