[c-nsp] BGP <-> OSPF default route failover

Sun Feb 1 11:06:13 EST 2009

As he mentioned above, I don't believe he will be receiving a default route
from the service provider that he can pass in via redistribution, so an
option available is to use the bgp "default-information originate route-map
command he mentioned". I've used this in combination with IP Sla probes and
tracking recently to get the conditional announcement, and base it upon
upstream reachibility since in my case its rare that line protocol on the
isp circuit goes down since there is an on-site service provider switching
equipment. I've used icmp probes for this, but those tend to get dropped
from time to time, I've found a tcp connect probe to port 80 on some well
known web sites seems to work pretty well at least for me. What i did was
tied up a bogus static route to a particular ip address and tied a sla tcp
connect to this, this static route is then referenced by the
default-information route map, so when the tcp connect fails, bgp pulls the
default route out. It looked liked this:

!
!
track 2 rtr 2 reachability
 delay down 10 up 120
!
!
!
router bgp 65501
 no synchronization
 bgp router-id 10.255.255.254
 bgp log-neighbor-changes
 neighbor 10.255.255.252 remote-as 65500
 neighbor 10.255.255.252 description *** eBGP Peering to HQ Switch 1 ***
 neighbor 10.255.255.252 password 7 supersekret
 neighbor 10.255.255.252 ebgp-multihop 2
 neighbor 10.255.255.252 update-source Loopback0
 neighbor 10.255.255.252 default-originate route-map
CONDITIONAL_DEFAULT_ORIGINATE
 neighbor 10.255.255.252 soft-reconfiguration inbound
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 Null0 name
Used_For_BGP_Default_Originate_DO_NOT_REMOVE track 2
ip route 0.0.0.0 0.0.0.0 upstreamisp
!

!
!
ip prefix-list TRACKED_ROUTE seq 5 permit 1.1.1.1/32
!
ip sla logging traps
ip sla schedule 1 life forever start-time now
ip sla 2
 tcp-connect 209.191.93.52 80 source-ip myipaddress source-port 52142
control disable
 timeout 5000
 frequency 10
ip sla reaction-configuration 2 react timeout threshold-type consecutive 2
action-type trapOnly
ip sla schedule 2 life forever start-time now
!
!
route-map CONDITIONAL_DEFAULT_ORIGINATE permit 10
 match ip address prefix-list TRACKED_ROUTE

Keep in mind, if you have an iBGP adjacencies between the two routers, and
one of the routers is losing it's ebgp default route, and is now preferring
that default route via ibgp via the internal peering AND doing
redistribution into an IGP ie OSPF then you must use the BGP redistribute
internal, bgp process level command. This is in specific scenarios.

HTH,

Nick Griffin

On Sat, Jan 31, 2009 at 12:50 PM, Pete S. <pshuleski at gmail.com> wrote:

> I'd imagine you aren't completely redistributing your bgp tables into
> OSFP, and from your diagram I'll assume you are doing ibgp between
> your edge routers already.  So build a prefix list, and route-map,
> which permits only the default route from bgp.  Redistribute the bgp
> process into ospf, based on that route-map, as an E1 type.  This will
> put the default into your ospf area, and traffic will flow towards the
> closest exit.  If you rather a primary/secondary, use the ospf E2 type
> and assign a large metric to your secondary.
>
> I haven't checked the syntax, but this should probably point you in
> the right direction.
>
> !On your BGP routers
> !
> ip prefix-list bgp_default->ospf seq 5 permit 0.0.0.0/0
> ip prefix-list bgp_default->ospf seq 100 deny 0.0.0.0/0 ge 1 le 24
> !
> route-map bgp->ospf permit 10
>  match ip address prefix-list bgp_default->ospf
> !
> router ospf 100
>  ! I assign an arbitrary site ID, and then prepend my AS onto it but
> whatever suits you, tag is optional
>  ! select your own metric-type and metric depending on the exit
> behavior you want.
>  redistribute bgp 65535 metric-type 2 metric 100  tag 6553501
> route-map bgp->ospf
> !
> !
>
>
>
> --Pete
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>