[c-nsp] Advertising connected subnet in BGP (more specific) - design advise needed

Frank Volf frank at deze.org
Tue Oct 18 08:36:05 EDT 2011 

Hi All,

I need some suggestions for solving this problem I'm having.

I have a subnet 172.16.1.0/24 (that is stretched over two datacenters) 
and that is directly connected to two CE routers A and B.

The CE routers advertise the subnet in BGP towards the WAN, but for 
load-balancing reasons they do not only advertise 127.16.1.0/24, but 
also 172.16.1.0/25 (router A) and 172.16.1.128/25 (router B).

So, from the WAN traffic is load-balanced (assuming proper distribution 
of the server IP's in the subnet half of the servers are reached via CE 
A and half of the servers are reached via CE B) and if the primary path 
fails the /25 is removed from BGP and the /24 takes over the routing 
over the other CE.
 From the LAN point of view, there are two VRRP groups, one being the 
master on router A and one master on router B (with some tracking on the 
uplink).

Summarizing, the (simplified) config looks like:

interface GigabitEthernet0/0
   ip address 172.16.1.2 255.255.255.0
   vrrp 10 ip 172.16.1.1
   vrrp 10 prio 110
   vrrp 10 track 10 decrement 30
   vrrp 20 ip 172.16.1.254
   vrrp 20 prio 90
   vrrp 20 track 10 decrement 30

ip route 172.16.1.0 255.255.255.128  GigabitEthernet0/0

router bgp 65001
    neighbor 192.168.1.1 remote-as 65000
    network 172.16.1.0 mask 255.255.255.0
    network 172.16.1.0 mask 255.255.255.128

And this works fine.

Now comes the issue. Another network needs to be connected to the CE 
router with a separate routing table, hence VRF's.

So, I was thinking this must be easy:  make a VRF C1, move interface 
g0/0 into a vrf C1, move the BGP configuration to the C1 address-family 
and move the ip route to the VRF as well.

The last is however a problem:

TESTCE(config)# ip route vrf C1 172.16.1.0 255.255.255.128 
GigabitEthernet 0/0
% For VPN or topology routes, must specify a next hop IP address if not 
a point-to-point interface

I just can't get it to work and reading Cisco documentation this is not 
going to be fixed either. The only alternative that I can think of is 
using BGP inject maps, but apparently they are not working in VRF's either.

I could split the subnet in two /25's and use a secondary on the 
interface, but I consider that quiet ugly because I want to keep /24 on 
the servers (so server-server communication on the subnet is not going 
through the router).

Does anybody have a suggestion how to solve this problem?

Kind regards,

Frank

More information about the cisco-nsp mailing list