BGP in DMVPN

I would like to have an Expert explain line by line (in plain English) the configuration below.

Thank you in advance.

Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0
Hub(config)#ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
Hub(config)#route-map SPOKE_ROUTERS permit 10
Hub(config-route-map)#match ip address prefix-list DEFAULT_ROUTE

Hub(config)#router bgp 65001
Hub(config-router)#bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
Hub(config-router)#neighbor DMVPN_SPOKES peer-group 
Hub(config-router)#neighbor DMVPN_SPOKES remote-as 65023
Hub(config-router)#neighbor DMVPN_SPOKES route-map SPOKE_ROUTERS out
Hub(config-router)#network 0.0.0.0 mask 0.0.0.0


jskfan Asked:

JustInCase Commented:
Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0
BGP needs an exact match in the routing table to be able to advertise a route. So, to advertise a default route, a default route with the discard destination null0 is created.
Hub(config)#ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0

Hub(config)#route-map SPOKE_ROUTERS permit 10
Hub(config-route-map)#match ip address prefix-list DEFAULT_ROUTE
Filtering the routes that will be advertised to neighbors. The hub will only advertise the default route to its neighbors (route-map applied to the peer-group in the OUT direction).
Hub(config)#router bgp 65001

Hub(config-router)#bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
Dynamic neighbor discovery for BGP. All dynamically discovered neighbors are assigned to peer group DMVPN_SPOKES.
Hub(config-router)#neighbor DMVPN_SPOKES peer-group
Hub(config-router)#neighbor DMVPN_SPOKES remote-as 65023
Hub(config-router)#neighbor DMVPN_SPOKES route-map SPOKE_ROUTERS out
Configuring all dynamically discovered neighbors as eBGP neighbors in AS 65023 and filtering route advertisement to neighbors in peer-group DMVPN_SPOKES.
Hub(config-router)#network 0.0.0.0 mask 0.0.0.0
Advertising the default route into BGP.
0
jskfan Author Commented:
Hub(config)#ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
**The prefix-list above is permitting everything. It does not specify if it is IN or OUT, but the calling of the route-map: neighbor DMVPN_SPOKES route-map SPOKE_ROUTERS out, means OUT.

If the prefix-list is permitting everything, what does this do: Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0
If I understand: Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0 means any route that is not specific, discard it.
0
JustInCase Commented:
ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0 le 32 would permit every route.
ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0 is permitting only the default route (since at the end of a prefix list there is an implicit deny any).

IN or OUT is specified in the neighbor statement; that's why I wrote
(route-map applied to peer-group in OUT direction)
ip route 0.0.0.0 0.0.0.0 null 0 - means: for any packet that doesn't have a match to a more specific route than the default route, discard the packet.
It is just a regular discarding IP route and there is nothing special about it. The reason why the default route is configured is: if there is no default route present in the routing table of the advertising BGP router, it would not be able to advertise the default route to spokes via the network command (the command network 0.0.0.0 mask 0.0.0.0 may not have an exact match in the routing table to be considered valid to be advertised via BGP).
0
jskfan Author Commented:

ip route 0.0.0.0 0.0.0.0 null 0 - means any packet that  don't have match to more specific route than default route, discard packet.

Does that mean: if a route matches the default route or a route matches a specific route, let it pass to its destination.
If a route does not match the default route or a route matches a specific route, discard it.

**If we did not have: ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
does that mean: only specific routes will pass, the rest will be discarded
0
JustInCase Commented:
does that mean : if a route matches the Default route or a route matches a specific route , let it pass to its destination.
No, it means packet, as already stated. Routes never match the default route (they can point to the same next hop, but I would not call it "matching"); packet destinations do. The function of this static route is just to make sure that there is a matching route 0.0.0.0/0 so it can be advertised into BGP. Remember the rules for advertising routes into BGP (to be advertised by the network command, a route must be present in the routing table and have an exact match): if either the network portion or the subnet does not match, the route will not be advertised into BGP.

BGP Case Studies
Network Command


The format of the network command is:

    network network-number [mask network-mask]

The network command controls the networks that originate from this box. This concept is different than the familiar configuration with Interior Gateway Routing Protocol (IGRP) and RIP. With this command, you do not try to run BGP on a certain interface. Instead, you try to indicate to BGP what networks BGP should originate from this box. The command uses a mask portion because BGP version 4 (BGP4) can handle subnetting and supernetting. A maximum of 200 entries of the network command are acceptable.

The network command works if the router knows the network that you attempt to advertise, whether connected, static, or learned dynamically.

An example of the network command is:

    RTA#
    router bgp 1
    network 192.213.0.0 mask 255.255.0.0
    ip route 192.213.0.0 255.255.0.0 null 0

This example indicates that router A generates a network entry for 192.213.0.0/16. The /16 indicates that you use a supernet of the class C address and you advertise the first two octets, or first 16 bits.

Note: You need the static route to get the router to generate 192.213.0.0 because the static route puts a matching entry in the routing table.
Or tshoot guide
Troubleshooting When BGP Routes Are Not Advertised

**If we did not have :ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
does that mean : Only specific routes will pass the rest will be discarded
Yes. Only the default route will match this prefix list.
0
jskfan Author Commented:
OK, so this statement: Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0
is there just so that the match command will catch the default route specified below:
ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
Hub(config-route-map)#match ip address prefix-list DEFAULT_ROUTE


If we did not have: Hub(config)#ip route 0.0.0.0 0.0.0.0 null 0
the match will not catch the default route.
0
JustInCase Commented:
The statement is, in the first place, there to match the network 0.0.0.0 mask 0.0.0.0 command.

If the network command does not have an exact match in the routing table, BGP would not be able to advertise the default route.

Only if the default route is advertised via BGP will the default route be the only match to the prefix-list used by the route-map.
0
jskfan Author Commented:
OK,

network 0.0.0.0 mask 0.0.0.0: this command is advertising the default route.

ip route 0.0.0.0 0.0.0.0 null 0: this one is discarding the default route.

ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0: this is permitting the default route; it will be used in the route-map.

My confusion is, if the default route is discarded, how would it get advertised?
0
JustInCase Commented:
The default route is not discarded. The default route is pointing to null 0, which means that traffic that has no more specific route will be discarded.
This is a simple example of how to look at it:
ip route 0.0.0.0 0.0.0.0 null 0
ip route 10.0.0.0 255.0.0.0 x.x.x.x
ip route 192.168.0.0 255.255.0.0 x.x.x.x
and let's say that there are no other routes in the routing table

Traffic whose destination matches routes more specific than the default route will be forwarded (packets destined to 10.0.0.0/8 or 192.168.0.0/16 will be forwarded to next hop x.x.x.x); however, packets that match the default route will be dropped (any other destination, e.g. a packet destined to 1.8.9.1 or 172.18.3.2, will be dropped, since the best route to deliver those packets is the default route and the default route is pointing to null 0).
0
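The distinction worked through in the posts above (the default route is advertised, while packets that fall through to it are dropped) can be modelled in a few lines. This is an added Python sketch, not part of the thread or of Cisco's documentation and not IOS code; the function names and the 10.2.0.0/16 spoke prefix are assumptions made for illustration.

```python
import ipaddress as ipa

# Hub routing table from the example in the post above; "x.x.x.x" is the
# post's own placeholder next hop.
RIB = {ipa.ip_network(p): nh for p, nh in [
    ("0.0.0.0/0", "Null0"),
    ("10.0.0.0/8", "x.x.x.x"),
    ("192.168.0.0/16", "x.x.x.x"),
]}

def prefix_list_permits(route, entry, le=None):
    """One 'permit' entry followed by the implicit deny. Without 'le' the
    prefix and length must be identical; with 'le N' any route inside the
    entry with a length from the entry's length up to N is permitted."""
    route, entry = ipa.ip_network(route), ipa.ip_network(entry)
    if le is None:
        return route == entry
    return route.subnet_of(entry) and entry.prefixlen <= route.prefixlen <= le

def bgp_originates(rib, network):
    """A 'network' statement originates a prefix only when the routing
    table holds exactly that prefix and mask."""
    return ipa.ip_network(network) in rib

def advertised_to_spokes(rib, network_stmts, learned=()):
    """Originated plus learned prefixes, after the outbound route-map that
    matches prefix-list DEFAULT_ROUTE (permit 0.0.0.0/0)."""
    bgp_table = [n for n in network_stmts if bgp_originates(rib, n)] + list(learned)
    return [p for p in bgp_table if prefix_list_permits(p, "0.0.0.0/0")]

def forward(rib, dst):
    """Longest-prefix match on a packet destination; returns the next hop."""
    dst = ipa.ip_address(dst)
    matches = [n for n in rib if dst in n]
    return rib[max(matches, key=lambda n: n.prefixlen)] if matches else None

if __name__ == "__main__":
    learned = ["10.2.0.0/16"]  # constructed prefix standing in for a spoke's route
    print(advertised_to_spokes(RIB, ["0.0.0.0/0"], learned))
    # Same hub without the static default: nothing left to originate.
    no_static = {n: nh for n, nh in RIB.items() if n.prefixlen}
    print(advertised_to_spokes(no_static, ["0.0.0.0/0"], learned))
    for dst in ("10.1.2.3", "1.8.9.1", "172.18.3.2"):
        print(dst, "->", forward(RIB, dst))
```
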
jskfan Author Commented:
Predrag Jovic

You stated:
however packets that matches to default route will be dropped

So the default route pointing to Null0 will be dropped?
In the code I posted in my question, will the default route be advertised to the spokes or dropped? If it will be advertised, then what will make it advertised?
0
JustInCase Commented:
Routers are forwarding packets.
Routers forward packets if there are matching routes to packet destinations in the routing table.

packets that matches to default route will be dropped

Once again: the route will not be dropped; packets matching a route that points to null 0 (longest matching prefix) as the next-hop will be dropped.
The default route will exist and will be advertised to hubs.
0
jskfan Author Commented:
I guess and I hope I got it now.
This: ip route 0.0.0.0 0.0.0.0 null 0, will create a default route in the routing table, so that this: network 0.0.0.0 mask 0.0.0.0, can advertise it.

Without this ip route 0.0.0.0 0.0.0.0 null 0, this network 0.0.0.0 mask 0.0.0.0 has no meaning.
0
JustInCase Commented:
Yes, that's it.
0
jskfan Author Commented:
OK. Almost there.

**network 0.0.0.0 in other IGP protocols means advertise all the networks attached to the interfaces on this router.
I wonder if it means something different in BGP. If I am not wrong, you stated that it means advertise the default route in BGP.

*** Now when the hub advertises the default route to the spokes, does that mean the spokes should reach the networks through the hub using either a specific route that the hub knows about OR the default route? If they use a route that the hub does not know about, it will be discarded?
0
JustInCase Commented:
In BGP it means exactly what it says... advertise exactly network 0.0.0.0 with subnet mask 0.0.0.0 (default route).
If spokes only get the default route from the hub, they will add only the default route to the routing table; the hub obviously is allowed to advertise only the default route. The hub will get routes from all spokes, but will advertise to spokes only the default route. Traffic that matches only the default route (as it is configured in the example) will be dropped (no more specific route present).
0

jskfan Author Commented:
So each spoke reaches the networks behind the hub or behind the other spoke using the default route?
0
jskfan Author Commented:
Thank you for your time of explaining the topic
0
JustInCase Commented:
You're welcome.
0