Solved

iBGP OSPF interaction

Posted on 2007-12-03
Last Modified: 2009-12-16
Hi there! I've got a question regarding iBGP and OSPF. A bit confused really...Hope someone can clear it up.

Here's what we got:


ISP1  ISP2             ISP1  ISP2
  |    |                 |    |
  |    |                 |    |
  Router1 -------------- Router2

Now router1 and 2 are running iBGP and OSPF. I've got the following links between us and isp1 and 2:


Router1 --- isp1 - 195.xx.xx.xx/29
Router1 --- isp2 - 87.xx.xx.164/30

Similar for router 2:

Router2 --- isp1 - 195.xx.xx.xx/29
Router2 --- isp2 - 87.xx.xx.200/30

OSPF is running between the 2 routers (For iBGP TCP connection), only one interface is included in ospf (only the one that connects the 2 routers) which makes sense. I didn't set this up, but just trying to understand why under ospf, the subnets connected to isp1 and 2 are included in the network statement on both routers?

 I am not sure what the purpose is but wouldn't we be ok just by including our network subnet in the network statement and not the whole lot especially since we are using 'no synchronisation' under BGP? We are advertising only 2 subnets (see below) in BGP.

i.e.

router ospf 10
net 195.xx.xx.xx/29  (does this need to be here??)
net 87.xx.xx.164/30   (does this need to be here??)
net 91.x.x.x/23 (our network)
net 195.x.x.x/24 (our network)

Similar setup on both routers for OSPF. Just trying to understand the interaction of iBGP and OSPF. I hope I have explained this well enough?

Question by:mmbecks7
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 20396635
This is done because BGP will not modify the next hop attribute unless told to do so. So, routes received from ISP1 and ISP2 will have a next hop of the IP address of the interface of ISP1 and ISP2 routers.
When your routers receive route information from ISP1 and ISP2 the next HOP will not change no matter how many routers into your network you go. So, for your routers to know how to get to the next hop or even better for your router to install those routes, the next hop must be reachable.

Example: let's say the connection to ISP1 and ISP2 goes down on router 2. Router two has a route for isp1 via BGP from router1, however the next hop will be the ISP1 peering interface. Router 2 will not know how to get there unless the interface is in OSPF.

Make sense?

harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20396668
Oops typo:

This is done because BGP will not modify the next hop attribute unless told to do so. So, routes received from ISP1 and ISP2 will have a next hop address of the IP addresses of the peering interfaces of each ISP1 and ISP2 router. When your routers receive route information from ISP1 and ISP2 the next HOP will not change no matter how many routers into your network you go. So, for your routers to know how to get to the next hop or even better for your routers to install those routes, the next hop must be reachable.

Example: let's say the connection to ISP1 and ISP2 goes down on router 2. Router two has a route for isp1 via BGP from router1, however the next hop will be the ISP1 peering interface. Router 2 will not know how to get there unless the interface is in OSPF.

Make sense?

harbor235 ;}


0
 

Author Comment

by:mmbecks7
ID: 20396760
Thanks for that! Yes that makes complete sense :) If we were using 'neighbor xx.xx.xx.xx next-hop-self' with our peers for both iBGP and eBGP would we then not need to do this? Or will this still be needed?

Also, could we use static routes instead of OSPF, e.g.?

many thanks
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20397233
next-hop-self will modify this behavior and is a viable solution. However, a dynamic routing protocol is far superior to static routing. There are failure scenarios with static routing that potentially will black hole your traffic. What you have in place is a solid configuration, why do you wish to change it?

Ideally, you want a configuration that will give you high availability, your configuration does that.
You may think about adding a weighted static route tied to an interface, this would allow you to route traffic even though BGP failed but your connection is still up.

Without further details I would say your config is fine. The one thing that sticks out to me is that you have two connections per router (ISP1 and ISP2), are they geographically diverse? You have the cross connect between Router 1 and router 2, from my perspective and a limited view of your configuration I do not see why you need 4 external connections, 2 should be fine. Again, do not change anything, there may be a reason for this.

harbor235 ;}
0
 

Author Comment

by:mmbecks7
ID: 20397874
No I won't be changing it lol Just wanted to satisfy my curiosity :) So it wouldn't harm to have the next-hop-self command and also include all above interfaces in ospf?

Using static routes - Would I need to setup a static route to each interface (the one to isp1 and one to isp2?) - Just out of curiosity :)

Regarding your question, yes the 2 providers are geographically diverse (but we are getting full routes from isp1 and partial from isp2 (cheaper :)) and we are running hsrp on the routers.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20400771
If you have the peering interfaces in OSPF there is no need to use the next-hop-self, but it should not hurt anything.

As far as the statics go, I would add statics as a backup to routes not in your BGP table (maybe because of filtering on BGP down). I would add a static to each peering router with a different cost, this will give you 3 possible failover links, I would also track the interface so if the interface goes down the route is withdrawn.

harbor235 ;}
0
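The next-hop reachability check discussed in the answers above, as an added example that is not part of the original thread: a small Python model of how Router2 decides whether an iBGP-learned route is usable. All addresses are constructed documentation-range values, and the function names `resolve` and `usable_routes` are hypothetical, not any router's API.

```python
import ipaddress

def resolve(next_hop, igp_table):
    """Longest-prefix match of a BGP next hop against the IGP/connected table.
    Returns the matching prefix, or None if the next hop is unreachable."""
    nh = ipaddress.ip_address(next_hop)
    matches = [ipaddress.ip_network(p) for p in igp_table
               if nh in ipaddress.ip_network(p)]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None

def usable_routes(bgp_routes, igp_table, next_hop_self=None):
    """Return {prefix: (next_hop, resolving_prefix)} for routes Router2 can install.
    next_hop_self: address Router1 substitutes as the next hop when configured."""
    installed = {}
    for prefix, next_hop in bgp_routes:
        nh = next_hop_self or next_hop
        via = resolve(nh, igp_table)
        if via is not None:          # unreachable next hop: route is not installed
            installed[prefix] = (nh, via)
    return installed

# Constructed sample values (assumptions), not the poster's real addressing.
ISP1_LINK = "198.51.100.0/29"    # Router1 <-> ISP1 peering subnet
INTERLINK = "10.0.0.0/30"        # Router1 <-> Router2 link carrying OSPF and iBGP
R1_ADDR = "10.0.0.1"             # Router1's address on the inter-router link
# Route Router1 learned from ISP1 and passed to Router2 with the next hop unchanged
IBGP_FROM_R1 = [("203.0.113.0/24", "198.51.100.1")]

def scenarios():
    return {
        # Peering subnet advertised in OSPF: next hop resolves, route is usable
        "peering_in_ospf": usable_routes(IBGP_FROM_R1, [INTERLINK, ISP1_LINK]),
        # Peering subnet missing from OSPF: next hop unreachable, route dropped
        "peering_not_in_ospf": usable_routes(IBGP_FROM_R1, [INTERLINK]),
        # next-hop-self on Router1: next hop becomes Router1, resolves via the link
        "next_hop_self": usable_routes(IBGP_FROM_R1, [INTERLINK],
                                       next_hop_self=R1_ADDR),
    }

if __name__ == "__main__":
    for name, table in scenarios().items():
        print(name, table or "no usable BGP routes")
```
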
 

Author Comment

by:mmbecks7
ID: 20407537
Many thanks for your help! This clarified my doubts!
0
 

Author Comment

by:mmbecks7
ID: 20407546
I was wondering if u provide consultancy services? :)
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20407559

If you like here is my outside email address.

harbor235@gmail.com

0
