[c-nsp] Advertising connected subnet in BGP (more specific) - design advise needed
Sergey Nikitin
oldnick at oldnick.ru
Tue Oct 18 09:46:03 EDT 2011
I think if you just add a secondary address with netmask /25, you will get
what you want, and server-server communication will not be through the
router:
> interface GigabitEthernet0/0
> ip address 172.16.1.2 255.255.255.0
ip address 172.16.1.3 255.255.255.128 secondary
> vrrp 10 ip 172.16.1.1
and you will not need "ip route..."
HTH
Frank Volf wrote:
>
> Hi All,
>
> I need some suggestions for solving this problem I'm having.
>
> I have a subnet 172.16.1.0/24 (that is stretched over two datacenters)
> and that is directly connected to two CE routers A and B.
>
> The CE routers advertise the subnet in BGP towards the WAN, but for
> load-balancing reasons they do not only advertise 127.16.1.0/24, but
> also 172.16.1.0/25 (router A) and 172.16.1.128/25 (router B).
>
> So, from the WAN traffic is load-balanced (assuming proper distribution
> of the server IP's in the subnet half of the servers are reached via CE
> A and half of the servers are reached via CE B) and if the primary path
> fails the /25 is removed from BGP and the /24 takes over the routing
> over the other CE.
> From the LAN point of view, there are two VRRP groups, one being the
> master on router A and one master on router B (with some tracking on the
> uplink).
>
> Summarizing, the (simplified) config looks like:
>
> interface GigabitEthernet0/0
> ip address 172.16.1.2 255.255.255.0
> vrrp 10 ip 172.16.1.1
> vrrp 10 prio 110
> vrrp 10 track 10 decrement 30
> vrrp 20 ip 172.16.1.254
> vrrp 20 prio 90
> vrrp 20 track 10 decrement 30
>
> ip route 172.16.1.0 255.255.255.128 GigabitEthernet0/0
>
> router bgp 65001
> neighbor 192.168.1.1 remote-as 65000
> network 172.16.1.0 mask 255.255.255.0
> network 172.16.1.0 mask 255.255.255.128
>
> And this works fine.
>
> Now comes the issue. Another network needs to be connected to the CE
> router with a separate routing table, hence VRF's.
>
> So, I was thinking this must be easy: make a VRF C1, move interface
> g0/0 into a vrf C1, move the BGP configuration to the C1 address-family
> and move the ip route to the VRF as well.
>
> The last is however a problem:
>
> TESTCE(config)# ip route vrf C1 172.16.1.0 255.255.255.128 GigabitEthernet 0/0
> % For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface
>
> I just can't get it to work and reading Cisco documentation this is not
> going to be fixed either. The only alternative that I can think of is
> using BGP inject maps, but apparently they are not working in VRF's either.
>
> I could split the subnet in two /25's and use a secondary on the
> interface, but I consider that quite ugly because I want to keep /24 on
> the servers (so server-server communication on the subnet is not going
> through the router).
>
> Does anybody have a suggestion how to solve this problem?
>
> Kind regards,
>
> Frank