Question

BGP redistribution into iGP for optimal routing

Asked by: disca1

We have 2 Cisco 3750s (EMI) in StackWise configuration. We have 2 Cisco 7204 VXRs, each connected to a different 3750 and externally to multiple ISPs running BGP. We have multiple racks - each rack has a 10/100 switch (public LAN), usually an HP ProCurve 2626, and a Gigabit switch (private LAN), usually an HP ProCurve 2824. Switches are connected to alternate Ciscos and will be running MSTP to create a redundant ring to each rack (not configured yet though..).

All clients are in private vlans and have their gateway interface on the Cisco 3750 stack. The routers have static routes for each subnet pointing towards the 3750 and a null route to drop all other traffic on unused subnets. The Cisco 3750 stack has a default route to a HSRP IP floating between the two routers.

The HSRP floating IP method means that one router gets all the traffic and then sends traffic over to the other if that route is more preferable. Obviously this isn't a fantastic design and will give us problems when we get nearer to the interface speeds.

My proposal to fix this is to redistribute some of the BGP table into OSPF and run OSPF on the 3750 stack so the 3750 can make a more educated choice in its routing decision. The O'Reilly "BGP" book gives an example of this as follows:

(should restrict to only match routes with an AS Path of up to 4 ASes in it)
router ospf 3
  redistribute bgp 60055 subnets route-map LIMITRED
  default-information originate metric 20
  network 192.0.2.0 0.0.0.255 area 0
!
ip as-path access-list 23 permit .+_.+_.+_.+
!
access-list 33 permit 192.0.254.17
!
route-map LIMITRED deny 10
  match as-path 23
!
route-map LIMITRED permit 20
  match ip next-hop 33
!

Questions:

1) Any disadvantages to doing this?

2) Could I achieve the same by extending iBGP to also run on the 3750 and applying a similar as-path filter as above to keep the BGP table from filling up the available memory?
Which would be less resource intensive etc?
If this is a better direction then would it be better to filter the BGP table being advertised from the cisco routers as well as filtering incoming on the 3750 to reduce the resources taken to apply the filter on each update?
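How the LIMITRED route-map in the question evaluates, as an added example that is not part of the original post: the sketch translates the IOS as-path regex to Python and walks the two clauses in sequence order. The prefixes, AS numbers and the second next hop are constructed sample values; note that an AS path of four or more entries (prepends included) matches as-path list 23 and is denied.

```python
import re

# In IOS as-path regexes "_" matches a space, comma, brace, parenthesis,
# or the start/end of the path string; everything else used here is plain regex.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern):
    """Translate an IOS as-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))

# ip as-path access-list 23 permit .+_.+_.+_.+
AS_PATH_LISTS = {23: [("permit", cisco_to_python(".+_.+_.+_.+"))]}
# access-list 33 permit 192.0.254.17  (standard ACL, single host)
ACCESS_LISTS = {33: {"192.0.254.17"}}
# route-map LIMITRED: (action, match type, list number) in sequence order
LIMITRED = [("deny", "as-path", 23), ("permit", "next-hop", 33)]

def as_path_list_permits(number, as_path):
    for action, regex in AS_PATH_LISTS[number]:
        if regex.search(as_path):        # IOS regexes are unanchored
            return action == "permit"
    return False                         # implicit deny at end of the list

def evaluate(route_map, as_path, next_hop):
    """Return True if the route would be redistributed."""
    for action, kind, number in route_map:
        if kind == "as-path":
            matched = as_path_list_permits(number, as_path)
        else:
            matched = next_hop in ACCESS_LISTS[number]
        if matched:
            return action == "permit"
    return False                         # implicit deny at end of the route-map

# Constructed sample routes: (prefix, AS path, BGP next hop)
SAMPLE_ROUTES = [
    ("198.51.100.0/24",   "64496",                   "192.0.254.17"),
    ("203.0.113.0/24",    "64496 64497 64498",       "192.0.254.17"),
    ("198.51.100.128/25", "64496 64497 64498 64499", "192.0.254.17"),
    ("203.0.113.128/25",  "64496 64496 64496 64497", "192.0.254.17"),  # prepended
    ("203.0.113.64/26",   "64500",                   "192.0.254.18"),  # other next hop
]

def redistributed(routes):
    return [p for p, path, nh in routes if evaluate(LIMITRED, path, nh)]

if __name__ == "__main__":
    for prefix in redistributed(SAMPLE_ROUTES):
        print("redistributed into OSPF:", prefix)
```
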

This question has been solved and asker verified.

Asked On: 2009-08-14 at 06:24:22 (ID 24652802)
Tags: OSPF, BGP, Cisco
Topics: Network Design & Methodology, Network Routers, Miscellaneous Networking
Participating Experts: 2
Points: 500
Comments: 10


Answers

 

by: marmata75, posted on 2009-08-14 at 07:48:18, ID: 25098614

You may find it easier to implement GLBP on your borders. You'll achieve both redundancy and almost perfect load balancing, without putting unnecessary burden on our 3750 stack. You may see a full description here: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html or a quick start here.
Your platform supports it, so go with it, it's really easy to implement and works fine!

Cheers,
]\/[arco

 

by: disca1, posted on 2009-08-14 at 08:14:29, ID: 25098899

Hi ]\/[arco,

Thanks for your reply. I'm having a read into GLBP now. Am I correct in saying it's just a gateway load balancing protocol? I.e. the routing decisions aren't educated, they are just to split the load over multiple gateways. The traffic that hit those routers though would probably have a good chance of needing to be forwarded to another? I.e. better than my current setup but not ideal.

My thoughts behind re-distributing some of the routes onto the 3750 was so that it can make an optimal routing decision (I believe it can route somewhat rapidly as it uses hardware rather than software?) - so if there were 3 routers (2 transit, 1 peering) it sends the traffic to the ideal gateway.

Know any good consultants who can help with these kinda questions 'offline'?

Thanks,
Mike

 

by: disca1, posted on 2009-08-14 at 08:24:21, ID: 25099025

Just to follow this up - at the moment all the clients' gateways are set to the VLAN IPs on the 3750 stack. GLBP appears, from what I've read, to work by giving a different MAC out as a reply to different ARP requests. Surely in my setup, where it is the Cisco 3750 issuing the ARP request for the virtual IP (and then caching it?), it would not result in the desired effect? (I understand how it would work if hosts were issuing those queries though...).

 

by: JWCastile, posted on 2009-08-14 at 10:47:50, ID: 25100491

If you're receiving at least partial/local routes from your provider on each circuit, you can directly peer with your 3750 from each router and then redistribute those routes into an IGP.  There are several Campus Design Guides at http://www.cisco.com/go/srnd that you can review that will go over some of your options.

If you have a firewall between your router and your 3750's, you can still do this.  You'll just need to open TCP 179 on your firewall, and then create a static route on your 3750 directing traffic to the BGP peer to the inside address of the firewall.

I've done this with dozens of clients, all with great results.

 

by: disca1, posted on 2009-08-14 at 10:56:50, ID: 25100572

Hi JWCastile,

Thanks for your input. I'll check out the URL you linked to - not seen that before.

We take full routes at the moment. No firewall between router and 3750 - we firewall either on the end devices or in between the 3750 and client VLAN on some other kit.

Just to clarify your comment "directly peer with your 3750" - as in set up an iBGP peer between the 3750 and routers as I suggested above with the necessary filters to restrict the number of routes?

Thanks,
Mike

 

by: JWCastile, posted on 2009-08-14 at 11:11:15, ID: 25100727

You can peer eBGP or iBGP, just remember to do next-hop-self if you do iBGP. There's no harm in configuring a private AS on your 3750 and peering that way. Regardless of how you do the peering, you'll want to configure filters.

 

by: marmata75, posted on 2009-08-15 at 00:18:17, ID: 25104453

Hi Mike,

Yes, GLBP is just like HSRP (it provides redundancy for the gateway) but is also able to load balance the traffic between the two or more gateways. The final routing decision is still done by the routers. Of course, based on your upstream you'll need to tweak it, i.e. if now one of the borders is forwarding 80% of the traffic because it has better paths, and the other is forwarding the other 20%, you can tweak the weights so that 80% would go to the router with better upstream connectivity, and save bandwidth on your internal path.
Only your 3750s will see the different MAC addresses of your routers, so yes, you can achieve load balancing from the 3750 point of view, not from the clients' point of view. Still better than nothing of course! ;)
If you prefer to go the routing way, I'd just make the 3750 speak eBGP with the other routers via a private AS. But now you'll have to choose which subset of the routing table to give to them! 3750s support at most 11000 routes in the SDM routing template, so you'll probably want to feed them just with your providers' routes, and some big providers' ones. They'll never be able to make the 'perfect' decision, as they won't have the full table anyway!

Cheers,
]\/[arco

 

by: disca1, posted on 2009-08-15 at 00:37:34, ID: 25104481

Hi ]\/[arco,

Ok - just been playing with some regexps for say 2 AS path in length and it's actually quite tricky to fit in with that 11K - so should be interesting that one :-). Primarily I'm only really after the peering routes as in this scenario that should take the majority of the traffic luckily.

Re eBGP using private AS - presumably the 3750 on private AS advertises no routes in this config - just receives and filters. Out of interest what is the advantage of doing eBGP rather than iBGP in this scenario?

Presumably on the routers I only advertise the regexp'd routes and I put the same filters on the 3750 along with a maximum prefix statement to prevent it ever overflowing the TCAM?

Could I also replace my HSRP setup in this scenario by advertising default on both routers to the 3750? Or better to leave in place with corresponding static route as a last resort?

Thanks,
Mike

 

by: marmata75, posted on 2009-08-15 at 01:16:19, ID: 25104545

Hi Mike,
I suggested using eBGP because iBGP assumes that all the routing exchange happens without filtering between parties. This is of course not what you want, as your 3750 will blow arriving at 11000 routes! ;)
With very careful thinking and some simulation you can try to achieve a result with plain iBGP, but I think this is not worth the extra effort!

So you'll treat your 3750 as a 'customer' who just wants to take IXP routes from you. You'll have incoming routes tagged with a certain community at your IXP router (you can choose a different tag per provider and/or per IXP). You'll then attach all the relevant communities to the route, such as 'route learnt at an IXP', 'route learnt at IXP1', 'route learnt from Peering Partner XYZ', and you'll advertise just those routes, together with a default, to your 3750s.
At the same time, I'd set up OSPF between the 3750s and the borders, to exchange the internal routes, so that you don't have to maintain the list of static routes like you're doing now. As soon as an interface comes up with an IP configured, its IPs are announced via OSPF, and all the routers know where to send the traffic!
At the same time yes, you can do everything with dynamic routing and remove the HSRP and the static default. I'd just keep a high admin distance static for backup in case the routing breaks for some configuration hiccup, bug or who knows! :)

Cheers,
]\/[arco
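A small model of the design in this answer, added here as an example and not taken from the thread: the border advertises a default plus community-tagged IXP routes, and the 3750 side enforces a maximum-prefix limit below the 11000-route figure quoted earlier. The community values, the 10000 limit, the 75% warning threshold and the prefixes are assumptions; the session dropping when the limit is exceeded models the usual maximum-prefix behaviour.

```python
SDM_ROUTE_LIMIT = 11000      # 3750 routing-template figure quoted in the thread
MAX_PREFIX = 10000           # assumed limit, set below the hardware ceiling
WARN_PCT = 75                # assumed warning threshold

# Hypothetical community values applied by the border's inbound policy
LEARNT_AT_IXP = "64512:100"
LEARNT_AT_IXP1 = "64512:101"
TRANSIT = "64512:200"

def export_to_stack(rib, wanted=frozenset({LEARNT_AT_IXP})):
    """Border side: advertise a default plus routes carrying a wanted community."""
    feed = ["0.0.0.0/0"]
    feed += [prefix for prefix, communities in rib if set(wanted) & set(communities)]
    return feed

def receive(feed, limit=MAX_PREFIX, warn_pct=WARN_PCT):
    """3750 side: the session is torn down once the feed exceeds the limit."""
    count = len(feed)
    if count > limit:
        return {"state": "down", "installed": 0, "warning": True}
    return {"state": "up", "installed": count,
            "warning": count * 100 >= limit * warn_pct}

def default_next_hop(session, bgp_peer, static_backup):
    """The high admin distance static only wins when the BGP default is gone."""
    return bgp_peer if session["state"] == "up" else static_backup

def constructed_rib(ixp_routes, transit_routes):
    """Build a constructed table: IXP-tagged /24s and transit-tagged /32s."""
    rib = [(f"10.{i // 256}.{i % 256}.0/24", [LEARNT_AT_IXP, LEARNT_AT_IXP1])
           for i in range(ixp_routes)]
    rib += [(f"172.16.{i // 256}.{i % 256}/32", [TRANSIT])
            for i in range(transit_routes)]
    return rib

if __name__ == "__main__":
    rib = constructed_rib(3000, 20000)
    filtered = receive(export_to_stack(rib))
    leaked = receive(export_to_stack(rib, wanted={LEARNT_AT_IXP, TRANSIT}))
    print("filtered feed:", filtered)
    print("leaked feed:  ", leaked)
    print("default via:  ", default_next_hop(leaked, "bgp-peer", "static-backup"))
```
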

 

by: disca1, posted on 2009-08-15 at 01:18:44, ID: 25104548

Hi ]\/[arco,

Good advice again - thanks :-)

Now to get on with implementing it...

Thanks,

Mike
