[c-nsp] Redistributing certain BGP routes into OSPF

Christopher J. Wargaski wargo1 at gmail.com
Tue Apr 26 01:11:06 EDT 2011


I have eBGP multi-hop set up between a third-party provider's router in a
DMZ and a branch router as such:


Indy-Rtr--------------ASA inside interface
                      ASA DMZ interface------------------DMZ-Rtr---(T-1)----PSvrs

Indy-Rtr = 10.2.1.1
DMZ-Rtr = 10.0.22.50
ASA-inside = 10.2.1.3
ASA-DMZ = 10.0.22.1


The Indy-Rtr and the DMZ-Rtr exchange BGP routes just fine. Some of the
traffic from the Indy branch must pass through the ASA and through the DMZ
router to access some servers (PSvrs). I presently have static routes on the
ASA so it knows which interface to route the traffic bound for the PSvrs.

I presently redistribute some of the enterprise network routes from BGP into
OSPF as such:
router ospf 10
 router-id 192.168.254.2
 log-adjacency-changes
 redistribute bgp 65001 subnets route-map BGP-to-OSPF
 passive-interface FastEthernet0/1
 passive-interface Serial0/0/0
 passive-interface Serial0/1/0
 network 10.2.0.0 0.0.7.255 area 0
 network 10.2.8.0 0.0.7.255 area 0
 network 192.168.0.0 0.0.0.255 area 0

route-map BGP-to-OSPF permit 10
 match ip address 10

access-list 10 remark ACL for BGP route map
access-list 10 permit 10.0.0.0 0.7.255.255
access-list 10 permit 10.9.0.0 0.0.255.255
access-list 10 permit 192.168.0.0 0.0.7.255
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit 10.8.0.0 0.0.255.255
access-list 10 permit 192.0.0.0 0.255.255.255

   What I would like to do is take the routes that the Indy-Rtr receives
from the DMZ router and send them to the ASA in OSPF. Easy enough, I can
match on the IP address for the source of those routes and set the next hop,
right? Something like this:

route-map Stinky permit 10
 match ip route-source 11
 set ip next-hop 10.0.22.50

access-list 11 remark ACL for Stinky route map
access-list 11 permit host 10.0.22.50

   When I apply this route-map (to OSPF), the routes are indeed
redistributed, but the next hop is set as 10.2.1.1, the F0/0 IP address
configured on the Indy router. Harumph!

   Am I trying to teach a pig to sing here or do you think this is doable?
If the latter, what might I be doing wrong?

Regards,
cjw

