Routing Concept done by CCIE
OK, so I'm reviewing the config done by a CCIE who no longer works here, and I wanted to get a grasp of the concept.
This is a remote Site with a bunch of clusters switches and one edge WAN router.
Switch-cluster has the following config:
VLAN 20: Voice 192.168.6.0 /24
VLAN 10: Data (clients and servers live here) 192.168.5.0 /24
VLAN 1: (not sure what this VLAN is for) 192.168.7.5 /26
VLAN 40: 192.168.7.66 /26
Router eigrp 100
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
The port config that connects the switch cluster to the router just has:
switchport access vlan 40
There is an additional port that connects to the router, also for voice; that port config has
switchport access vlan 20
The WAN router has the following related info:
interface GigabitEthernet0/0
description Data-LAN
ip address 192.168.7.65 255.255.255.192
ip route-cache flow
interface GigabitEthernet0/1
description Voice-LAN
ip address 192.168.6.1 255.255.255.0
router eigrp 100
redistribute bgp 64862 metric 10000 1000 255 1 1500
passive-interface default
no passive-interface GigabitEthernet0/0
network 192.168.6.0
network 192.168.7.0
no auto-summary
router bgp 64862
no synchronization
bgp log-neighbor-changes
network 192.168.6.0
network 192.168.7.64 mask 255.255.255.192
redistribute eigrp 100 route-map EigrpToBgpMap
neighbor 67.x.x.x remote-as 6478
neighbor 67.x.x.x soft-reconfiguration inbound
no auto-summary
ip access-list extended EigrpToBgp
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 192.168.7.0 0.0.0.255 any
What I'm having a hard time getting my head around is: why not, on the router under EIGRP,
advertise network 192.168.5.x?
And then on the router also under BGP, why not advertise network 192.168.5.x, and why not advertise all of network 192.168.7.x instead of just a portion of that network?
Thanks,
Comments

kryolla Member Posts: 785
You can't advertise networks that you don't have directly connected links to, and for the 7.65 network you can advertise it any way from 192.168.7.65 0.0.0.0 to 192.168.7.0/24, as all this command does is put the interface into the routing process, and then it will advertise whatever prefix is configured on the interface. The WAN router will get the 192.168.5 network from the cluster switch. Also, you don't have any redundancy on your WAN router, because Gig0/1 is in passive state, which means no adjacencies, so if Gig0/0 goes down you are isolated.
> The WAN router has the following related info:
> interface GigabitEthernet0/0
> description Data-LAN
> ip address 192.168.7.65 255.255.255.192
> ip route-cache flow
> interface GigabitEthernet0/1
> description Voice-LAN
> ip address 192.168.6.1 255.255.255.0
Studying for CCIE and drinking Home Brew

EdTheLad Member Posts: 2,111
> and then on the router also under BGP why not advertise all of network 192.168.7.x instead of just a portion of that network.
When advertising routes in BGP, the exact route must be present in the IGP routing table. Since this is a directly connected interface with IP 192.168.7.65 255.255.255.192, it will appear in the route table as 192.168.7.64/26, so you must specify the exact subnet under BGP. If you tried to use 192.168.7.65/24 it would not be advertised into BGP, as this route is not in the route table.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
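As an added illustration of the two replies above (this is example code written for this page, not anything posted in the thread), here is a small Python model of how IOS treats the "network" statement in the two protocols: under EIGRP it only selects interfaces (classfully when no wildcard is given) and what gets advertised is the prefix configured on each selected interface, never the value typed in the statement; under BGP the prefix must already sit in the RIB exactly as written. The interface addresses and the 192.168.5.0/24 EIGRP route come from the posted config; the passive-interface handling reflects kryolla's redundancy point, and it is also the reason the router only forms EIGRP adjacencies on Gig0/0 (no EIGRP authentication lines appear in the posted config, so Gig0/0 is the one place an unauthenticated neighbour could appear). The classful fallback and the RIB contents are assumptions taken from the thread, not observed on the device.

```python
import ipaddress

# Interfaces of the WAN router as posted in the thread.
WAN_ROUTER_INTERFACES = {
    "GigabitEthernet0/0": ipaddress.ip_interface("192.168.7.65/26"),
    "GigabitEthernet0/1": ipaddress.ip_interface("192.168.6.1/24"),
}

# Assumed routing table of the WAN router: its two connected prefixes plus
# 192.168.5.0/24, which the thread says arrives via EIGRP from the switch cluster.
WAN_ROUTER_RIB = {
    ipaddress.ip_network("192.168.7.64/26"): "connected",
    ipaddress.ip_network("192.168.6.0/24"): "connected",
    ipaddress.ip_network("192.168.5.0/24"): "eigrp",
}


def classful_network(address):
    """Classful network IOS assumes when a 'network' statement carries no mask."""
    addr = ipaddress.ip_address(address)
    first_octet = int(addr) >> 24
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def eigrp_network_matches(interfaces, network, wildcard=None):
    """Interfaces pulled into the EIGRP process by one 'network' statement.

    Without a wildcard IOS applies the classful mask; with one it compares
    only the bits that are 0 in the wildcard (so 0.0.0.0 means this exact host).
    """
    if wildcard is None:
        net = classful_network(network)
        return sorted(name for name, ifc in interfaces.items() if ifc.ip in net)
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    target = int(ipaddress.ip_address(network)) & care
    return sorted(name for name, ifc in interfaces.items()
                  if int(ifc.ip) & care == target)


def eigrp_advertised_prefixes(interfaces, network_statements):
    """What EIGRP actually advertises: the prefix configured on each matched
    interface, never the value written in the 'network' statement."""
    prefixes = set()
    for statement in network_statements:
        for name in eigrp_network_matches(interfaces, *statement):
            prefixes.add(interfaces[name].network)
    return sorted(prefixes)


def eigrp_active_interfaces(interfaces, network_statements, passive_default, no_passive):
    """Interfaces that send hellos and can form adjacencies, honouring
    'passive-interface default' plus any explicit 'no passive-interface' lines."""
    in_process = set()
    for statement in network_statements:
        in_process.update(eigrp_network_matches(interfaces, *statement))
    if not passive_default:
        return sorted(in_process)
    return sorted(in_process & set(no_passive))


def bgp_network_advertised(rib, network, mask=None):
    """A BGP 'network' statement injects a prefix only if that exact prefix is
    already in the RIB; 'mask' is a dotted mask as on the IOS command line."""
    if mask is None:
        prefix = classful_network(network)
    else:
        prefix = ipaddress.ip_network(f"{network}/{mask}", strict=False)
    return prefix in rib


if __name__ == "__main__":
    stmts = [("192.168.6.0",), ("192.168.7.0",)]          # the posted EIGRP config
    print(eigrp_advertised_prefixes(WAN_ROUTER_INTERFACES, stmts))
    print(eigrp_active_interfaces(WAN_ROUTER_INTERFACES, stmts, True, ["GigabitEthernet0/0"]))
    print(bgp_network_advertised(WAN_ROUTER_RIB, "192.168.7.0", "255.255.255.0"))
```

Running it shows the three things the replies state: "network 192.168.5.0" under EIGRP on the WAN router selects no interface and so does nothing, "network 192.168.7.0" selects Gig0/0 and advertises 192.168.7.64/26, and a BGP "network 192.168.7.0 mask 255.255.255.0" is silently ignored because only the /26 is in the RIB. It also shows that "network 192.168.5.0" under BGP would have worked on this router, since the /24 is in the RIB via EIGRP; the posted config instead lets the redistribute statement carry it.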

APA Member Posts: 959
Wow..... he is game redistributing BGP into the IGP....
Just out of curiosity, what is the BGP route policy like from your eBGP peer (647...)? Are you learning only a default route? If so, then that makes sense, I guess....
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP

kryolla Member Posts: 785
> Wow..... he is game redistributing BGP into the IGP....
> Just out of curiosity what is the BGP route-policy like from your eBGP peer??(647... are you learning only a default route if so then that makes sense I guess....
The neighbor is probably not sending the full BGP routing table. Now, the core site router probably has the full BGP table.
Studying for CCIE and drinking Home Brew

APA Member Posts: 959
> The neighbor is probably not sending the full BGP routing table. Now the core site router probably has the full BGP table.
Yeah, that's what I was getting at..... interesting though... hardly seems worth the config if there is no redundancy involved........... a static would have been sufficient from the IGP (cluster) to the WAN router, then from there follow the gateway of last resort as learnt from the eBGP peer.
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP

mattsthe2 Member Posts: 304
Correct, kryolla.
This is a branch site connected via MPLS, so the only routes in the table are other remote sites and an injected default route.
The core router has a much, much larger routing table.
OK, so one other question.
Why bother with the 7 network? I don't see the point.
Why not make the router's Gig data IP address in the 5 network and do away with the 7 altogether?

kryolla Member Posts: 785
Just curious, what is the underlying layer 2 for this?
> Ok so one other question.
> Why bother with the 7 network, i don't see the point.
> Why not make the routers gig-data ip address in the 5 network and do away with the 7 all together?
I'm guessing it is a design to separate voice, data, and management traffic.
Studying for CCIE and drinking Home Brew

mattsthe2 Member Posts: 304
> Just curious what is the underlying layer 2 for this?
What do you mean, in layman's terms?
This config is from my old company, so it's been a few years.

kryolla Member Posts: 785
Layer 2: Frame Relay, PPP, ATM, etc. Do you have a hub-and-spoke design, or multiple point-to-point links, or just one to the provider?
Studying for CCIE and drinking Home Brew

mattsthe2 Member Posts: 304
> Layer 2, Frame Relay, PPP, ATM etc. Do you have a hub and spoke design or multiple point to point links or just 1 to the provider.
Sorry, with you.
At this site it was multiple MPLS T1s bundled together using PPP as the layer 2 type.

kryolla Member Posts: 785
So it was multilink PPP. It doesn't make sense for the provider to inject a default route and more specific routes if there is only one link to the provider. Just a default route would have worked, and it would be up to the provider to route it whatever way. Now, for a layer 2, if you were using multi-access, then it would make more sense to have specific routes along with the default route for traffic engineering.
Studying for CCIE and drinking Home Brew

rossonieri#1 Member Posts: 799
Interesting.
> What im having a hard time getting my head around is why not on the router under eigrp
> advertise network 192.168.5.x
> and then on the router also under BGP why not advertise networks 192.168.5.x and why not advertise all of network 192.168.7.x instead of just a portion of that network.
As simple as granular control of route information.
Possible causes:
1. The other end doesn't speak EIGRP, so he needs to redistribute it under BGP.
2. He wanted to control which routes should be sent/not sent using the redistribution, hence he uses a route-map.
If he only used direct route announcement under router BGP (network a.b.c.d), then he would flood that small router if something in the core went wrong. So, by doing that, he prepares for worst-case scenario avoidance.
3. The router is an edge boundary router between the EIGRP network and BGP.
> Why bother with the 7 network, i don't see the point.
I don't get what you mean? On the EIGRP part? Or the BGP part?
The more I know, that is, the more and more I don't know.

Sepiraph Member Posts: 179
> Wow..... he is game redistributing BGP into the IGP....
At a PE you can redistribute IGP into BGP, and that configuration has that, but what was the point of redistributing BGP into the IGP?

kryolla Member Posts: 785
> At a PE you can redistributing IGP into the BGP and that configuration has that, but what was the point of redistributing the BGP into the IGP?
I've only done it a couple of times while studying ISCW, but at the PE you redistribute from IGP into BGP, and at the other end you would do the reverse, BGP into IGP. Now, if the traffic was traveling in the opposite direction, you would have BGP into IGP and IGP into BGP on the same router. Makes sense, but I don't know if this is correct.
Studying for CCIE and drinking Home Brew

rossonieri#1 Member Posts: 799
kryolla,
> at the PE you redistro from IGP into BGP and at the other end you would do the reverse BGP into IGP.
You could do the reverse, but you don't have to. So, it really depends on your network design and what you have in mind. Like I said, "control". In this case, the CCIE wanted to do mutual redistribution to control which EIGRP routes go to BGP and vice versa. Usually I do that in preparation for future network expansion, especially when you are dealing with heterogeneous boxes that don't support proprietary protocols.
The more I know, that is, the more and more I don't know.

APA Member Posts: 959
You should be extremely careful redistributing BGP into an IGP.... IGPs simply weren't designed to handle the number of routes BGP can handle.....
Redistributing only a few routes that you can be sure are stable routes isn't a problem... but I've seen many cases where BGP has been totally redistributed into the IGP and has caused the IGP to absolutely crap itself occasionally...
Or worse, it works fine for a while until the IGP decides noooooooo, I can't handle this anymore! Total meltdown!
Most designs incorporate redistributing the IGP into BGP but not vice versa..... As I mentioned above, there are exceptions to this, however, due to the absolute need for it.
I'm not quite sure, kryolla, why you would redistribute BGP into the IGP at the other end of an MPLS VPN link.... That's what the PEs are for... they should be the only ones running BGP and an IGP, and the CEs would peer up to the PE via an IGP and follow a default route to the PE....
If you needed your CEs to have a full route table for the MPLS VPN, then you may as well use iBGP between the CE and PE..... therefore no need to redistribute BGP into the IGP and potentially cause stability issues within the IGP.
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
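To make concrete both rossonieri's "granular control" point and APA's warning above, here is an added Python model of the two redistribution directions in the posted config (example code for this page, not anything from the thread or from Cisco). The EIGRP-to-BGP direction is filtered by a route-map whose body is not in the post (the post references "EigrpToBgpMap" but only shows an ACL named "EigrpToBgp"), so the example assumes a single permit clause matching that ACL; the BGP-to-EIGRP direction is written with no route-map at all, so everything in the BGP table is modelled as crossing over. The 10.99.0.0/24 EIGRP entry, the remote-site prefixes and the default-only filter are constructed for the example. The ACL matching treats the source field as the route's prefix and the "any" destination as "any mask", which is a simplification of how IOS evaluates extended ACLs in route filtering.

```python
import ipaddress

# Routes the WAN router holds from EIGRP 100. 192.168.5.0/24 is the one the
# thread says comes from the switch cluster; 10.99.0.0/24 is a constructed
# stray prefix to show the route-map dropping it.
EIGRP_TABLE = ["192.168.5.0/24", "10.99.0.0/24"]

# Constructed stand-in for what the eBGP peer sends: a default route plus a
# few "other remote site" prefixes, as the OP describes.
BGP_TABLE = ["0.0.0.0/0", "192.168.20.0/24", "192.168.21.0/24", "192.168.22.0/24"]

# ACL as posted: (action, network, wildcard). The 'any' destination is implied.
ACL_EIGRP_TO_BGP = [
    ("permit", "192.168.5.0", "0.0.0.255"),
    ("permit", "192.168.6.0", "0.0.0.255"),
    ("permit", "192.168.7.0", "0.0.0.255"),
]
# Constructed: the kind of filter APA recommends for the reverse direction.
ACL_DEFAULT_ONLY = [("permit", "0.0.0.0", "0.0.0.0")]

# Route-map bodies are assumed; the post does not show them.
ROUTE_MAP_EIGRP_TO_BGP = [("permit", 10, "EigrpToBgp")]
ROUTE_MAP_BGP_TO_EIGRP = [("permit", 10, "DefaultOnly")]
ACLS = {"EigrpToBgp": ACL_EIGRP_TO_BGP, "DefaultOnly": ACL_DEFAULT_ONLY}


def _as_network(prefix):
    return prefix if isinstance(prefix, ipaddress.IPv4Network) \
        else ipaddress.ip_network(prefix, strict=False)


def wildcard_match(prefix, network, wildcard):
    """IOS wildcard compare: only bits that are 0 in the wildcard must match."""
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return int(_as_network(prefix).network_address) & care == \
        int(ipaddress.ip_address(network)) & care


def acl_permits(acl, prefix):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(prefix, network, wildcard):
            return action == "permit"
    return False


def route_map_permits(route_map, acls, prefix):
    """Clauses are evaluated in sequence; a prefix matching no clause is
    dropped by the implicit deny at the end of the route-map."""
    for action, _seq, acl_name in route_map:
        if acl_permits(acls[acl_name], prefix):
            return action == "permit"
    return False


def redistribute(source_table, route_map=None, acls=None):
    """Prefixes that cross from one protocol into the other. With no
    route-map, as 'redistribute bgp 64862 metric ...' is written in the post,
    the whole source table goes through."""
    if route_map is None:
        return [str(_as_network(p)) for p in source_table]
    return [str(_as_network(p)) for p in source_table
            if route_map_permits(route_map, acls, p)]


def eigrp_to_bgp():
    """Posted direction: filtered by the ACL, so only the site's own LANs leak."""
    return redistribute(EIGRP_TABLE, ROUTE_MAP_EIGRP_TO_BGP, ACLS)


def bgp_to_eigrp_as_posted():
    """Posted direction: unfiltered, the full BGP table lands in EIGRP."""
    return redistribute(BGP_TABLE)


def bgp_to_eigrp_default_only():
    """Constructed hardened variant: only the default route enters the IGP."""
    return redistribute(BGP_TABLE, ROUTE_MAP_BGP_TO_EIGRP, ACLS)


if __name__ == "__main__":
    print("EIGRP -> BGP:", eigrp_to_bgp())
    print("BGP -> EIGRP (as posted):", bgp_to_eigrp_as_posted())
    print("BGP -> EIGRP (default only):", bgp_to_eigrp_default_only())
```

The unfiltered function is the one to watch: at this branch the peer only sends a default plus a handful of remote-site prefixes, so the IGP copes, but the same line on a router that receives a larger table pushes every one of those routes into EIGRP, which is exactly the failure mode APA describes. The default-only route-map shows what limiting that direction to one stable route looks like.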

kryolla Member Posts: 785
I'm thinking the WAN router is a PE, since it is running BGP and an IGP, and the same thing at the core site. The cluster switch is the CE, thus it is only running an IGP. The OP said the WAN router is running MPLS, so only PE routers run MPLS and not CE. I'm also assuming he cut out the MPLS config.
> If you needed your CE's to have a full route table for the MPLS VPN then you may as well use iBGP between the CE and PE..... therefore no need to redistribute BGP into the IGP and potentially cause stability issues within the IGP
You are not really isolating the customer traffic then, so there is no point in MPLS VPN.
I was just looking at my ISCW lab portfolio and it is coming back to me now, but I don't feel like downgrading the IOS on my routers to lab it up. I'm studying for my last NP exam, which I'm taking this month, then it is back to studying core topics for CCIE, then I can concentrate on MPLS, since you need to know core topics to implement MPLS.
Studying for CCIE and drinking Home Brew

APA Member Posts: 959
> You are not really isolating the customer traffic then so there is no point in MPLS VPN.
You would be isolating the customers based on VRF... not all customers would share the same route table... therefore isolating each other.
iBGP via address-family VRF, so customers would only see routes they are meant to...
I'm really looking forward to finishing off this BGP exam so I can do the MPLS portion of CCIP!!! This will help me iron out all this MPLS grey area I have!
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP

malcybood Member Posts: 900
> You would be isolating the customers based on vrf... not all customers would share the same route table... therefore isolating each other..
> ibgp via address-family vrf, so customers would only see routes they are meant to...
Yep, this is spot on how our network is configured. We redistribute all of our MPLS sites from BGP into OSPF, which also includes a default route. It's an Ethernet-based MPLS network with a mixture of leased lines and private broadband circuits.
It's OK to redistribute the BGP routes into an IGP on an MPLS network, as the customer has their own VRF instance, which separates them from all other customers, so the routing table isn't normally excessive, and this is also a security measure.
So in theory a single customer's PE and CPE devices should have the same routing table on all sites, and the core switch cluster should have all of these routes also, along with whatever other internal routes they are running on the network.
I think something that could have been highlighted a bit more on the BSCI was the difference between running BGP in a WAN vs. an internet access environment, but maybe Cisco keeps this for the MPLS exam.... I think it would help to highlight it at a high level in the BSCI though, as it's more or less purely geared towards internet access between different ISPs.
Personally I'm more familiar with running BGP on the MPLS WAN, as we only have 2 static routes to the internet for the 2 routers and do the load balancing with F5 boxes. Something we're looking at changing though!

kryolla Member Posts: 785
I guess it doesn't matter whether the PE or CE redistributes BGP into the IGP, but personally I would rather see the PE do it, and all I would have to do is peer with them via the IGP. MPLS should be a fun technology to learn; I'm glad they brought it to the R&S track.
Studying for CCIE and drinking Home Brew

malcybood Member Posts: 900
I guess technically it would be easier, but it depends on how much flexibility the customer requires in their routing policy and CPE kit as to where the redistribution is done.
If it was done at the PE, it would also potentially make it very complicated for the telco to administer/support, as opposed to having a standard BGP peering setup for every customer: they would have a mixture of BGP or any IGP configured over the access link, which would be a huge support overhead for the ISP staff.
Not to mention the stress that it would put on the PE router from a performance point of view. Remember that BGP is fairly static after it's up, and there are multiple customers on every PE; if you start bringing redistribution and more chatty protocols in there, that router could struggle and get very messy...... better to keep the redistro in the customer's own back yard.....

Forsaken_GA Member Posts: 4,024
> I guess it doesnt matter whether the PE or CE redistro BGP into IGP but personally I would rather see the PE do it and all I would have to peer with them is via IGP. MPLS should be a fun technology to learn, I'm glad they brought it to R&S track.
Has that been made official yet? Last I saw, it was still just a rumor with no official confirmation.
Edit: Well, never mind, they made it official as of today!