[c-nsp] Advertising connected subnet in BGP (more specific) - design advise needed

Keegan Holley keegan.holley at sungard.com
Tue Oct 18 12:15:05 EDT 2011 

As others have said you should probably make the other route a /25 as well.
Also, you may want to advertise both routes from both sides and make one
version less preferred. If one of the /25 disappears you'll blackhole
traffic.  As for outbound traffic if you add a second vrrp group as master
on the other CE as a second default gateway you can split the outbound
traffic as well if you haven't already done so.  Design wise, seems like an
IGP would be better here unless this is some kind of L3vpn service.

2011/10/18 David Prall <dcp at dcptech.com>

> Frank,
> I just played with this and it appears to be working for me:
> ip route vrf C1 172.16.1.0 255.255.255.128 GigabitEthernet 0/0 0.0.0.0
>
> I do not have a default route in the table with my configuration.
>
> David
>
> --
> http://dcp.dcptech.com
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Frank Volf
> > Sent: Tuesday, October 18, 2011 8:36 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] Advertising connected subnet in BGP (more specific) -
> > design advise needed
> >
> >
> > Hi All,
> >
> > I need some suggestions for solving this problem I'm having.
> >
> > I have a subnet 172.16.1.0/24 (that is stretched over two datacenters)
> > and that is directly connected to two CE routers A and B.
> >
> > The CE routers advertise the subnet in BGP towards the WAN, but for
> > load-balancing reasons they do not only advertise 127.16.1.0/24, but
> > also 172.16.1.0/25 (router A) and 172.16.1.128/25 (router B).
> >
> > So, from the WAN traffic is load-balanced (assuming proper distribution
> > of the server IP's in the subnet half of the servers are reached via CE
> > A and half of the servers are reached via CE B) and if the primary path
> > fails the /25 is removed from BGP and the /24 takes over the routing
> > over the other CE.
> >  From the LAN point of view, there are two VRRP groups, one being the
> > master on router A and one master on router B (with some tracking on
> > the
> > uplink).
> >
> > Summarizing, the (simplified) config looks like:
> >
> > interface GigabitEthernet0/0
> >    ip address 172.16.1.2 255.255.255.0
> >    vrrp 10 ip 172.16.1.1
> >    vrrp 10 prio 110
> >    vrrp 10 track 10 decrement 30
> >    vrrp 20 ip 172.16.1.254
> >    vrrp 20 prio 90
> >    vrrp 20 track 10 decrement 30
> >
> > ip route 172.16.1.0 255.255.255.128  GigabitEthernet0/0
> >
> > router bgp 65001
> >     neighbor 192.168.1.1 remote-as 65000
> >     network 172.16.1.0 mask 255.255.255.0
> >     network 172.16.1.0 mask 255.255.255.128
> >
> > And this works fine.
> >
> > Now comes the issue. Another network needs to be connected to the CE
> > router with a separate routing table, hence VRF's.
> >
> > So, I was thinking this must be easy:  make a VRF C1, move interface
> > g0/0 into a vrf C1, move the BGP configuration to the C1 address-family
> > and move the ip route to the VRF as well.
> >
> > The last is however a problem:
> >
> > TESTCE(config)# ip route vrf C1 172.16.1.0 255.255.255.128
> > GigabitEthernet 0/0
> > % For VPN or topology routes, must specify a next hop IP address if not
> > a point-to-point interface
> >
> > I just can't get it to work and reading Cisco documentation this is not
> > going to be fixed either. The only alternative that I can think of is
> > using BGP inject maps, but apparently they are not working in VRF's
> > either.
> >
> > I could split the subnet in two /25's and use a secondary on the
> > interface, but I consider that quiet ugly because I want to keep /24 on
> > the servers (so server-server communication on the subnet is not going
> > through the router).
> >
> > Does anybody have a suggestion how to solve this problem?
> >
> > Kind regards,
> >
> > Frank
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list