BGP: Injecting IGP route into BGP without redistribution

The topology is made more complex by an additional link, and instead of full BGP routing inside AS65000, the BGP routes are propagated with the help of OSPF.

In the previous lab, the BGP full mesh was established by peering on both subnets of each BGP router. This step can be simplified by peering on the BGP speaker’s loopback address. The rule of thumb for BGP is that the intended peer must be reachable before you execute the neighbor remote-as command.

The routers’ loopback addresses are advertised by OSPF. All routers in AS65000 advertise routes to one another internally using OSPF. The border routers, r1 and r3, establish an iBGP session with each other and eBGP sessions with r4 and r5.

Here’s the OSPF configuration of r1, r2 and r3.
r1 has to advertise its loopback address for the sake of BGP peering.


r1#sh run | s router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
r1#

r2 is the only router that does not run a BGP routing process.

r2#sh run | s router ospf
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 0 authentication message-digest
 area 1 authentication message-digest
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 2.2.2.2 0.0.0.0 area 0
 network 10.20.0.1 0.0.0.0 area 1
 network 10.20.1.1 0.0.0.0 area 1
 network 10.20.2.1 0.0.0.0 area 1
 network 10.20.4.1 0.0.0.0 area 1
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.0.9 0.0.0.0 area 0
r2#

r3 advertises its loopback address for the sake of BGP peering via loopback.


r3#sh run | s router ospf
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.0.6 0.0.0.0 area 0
 network 192.168.0.10 0.0.0.0 area 0
r3#

BGP peering in AS65000
If r1 and r3 had only one link to each other, it would not matter whether they peered on loopback or physical interface addresses. But there are redundant links that can route back to r1 and r3, so peering on loopback interface addresses becomes meaningful for maintaining high availability.

r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

r3#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 33.33.33.33
 bgp log-neighbor-changes
 network 192.168.0.16 mask 255.255.255.252
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 192.168.0.18 remote-as 65200
 no auto-summary
r3#

Lines 3 and 14 have synchronization turned on. The purpose of synchronization is to ensure that there is no black hole. Recall the synchronization rule:
BGP will not advertise a route if that route is not also learned via the IGP.

r1 and r3 peer with each other’s loopback address. By default, a BGP router advertises as next hop the address of the interface that originates the route. In other words, r1 will use its serial 0/2 interface IP address as the next-hop address when advertising to r3, and r3 will use its serial 0/2 interface IP address as the next-hop address when advertising to r1. However, for loopback peering to work, the next-hop address has to be changed using the update-source command option.

r1 and r3 BGP neighborship verification

r1#sh ip bgp summary
BGP router identifier 11.11.11.11, local AS number 65000
BGP table version is 36, main routing table version 36
11 network entries using 1287 bytes of memory
18 path entries using 936 bytes of memory
8/4 BGP path/bestpath attribute entries using 992 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3311 total bytes of memory
BGP activity 18/7 prefixes, 26/8 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4 65000    1436    1457       36    0    0 23:50:36        8
192.168.0.14    4 65100    1586    1443       36    0    0 23:50:56        7
r1#

r3#sh ip bgp summary
BGP router identifier 33.33.33.33, local AS number 65000
BGP table version is 10, main routing table version 10
11 network entries using 1287 bytes of memory
18 path entries using 936 bytes of memory
8/3 BGP path/bestpath attribute entries using 992 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3311 total bytes of memory
BGP activity 18/7 prefixes, 25/7 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 65000    1458    1437       10    0    0 23:51:24       10
192.168.0.18    4 65200    1583    1431       10    0    0 23:46:59        7
r3#

If BGP peering fails, the Idle state is expected. Idle means the router has not attempted to start establishing a BGP session and has not received any BGP peering attempt.

r1#sh tcp brief
TCB       Local Address           Foreign Address        (state)
85661D64  192.168.0.13.179        192.168.0.14.28718     ESTAB
84DFB9E0  1.1.1.1.21211           3.3.3.3.179            ESTAB
r1#
Tserver#3
[Resuming connection 3 to c15 ... ]

r3#sh tcp brief
TCB       Local Address           Foreign Address        (state)
856589CC  192.168.0.17.179        192.168.0.18.12454     ESTAB
8572CDAC  3.3.3.3.179             1.1.1.1.21211          ESTAB
r3#

Advertise default route at r1, so that non-BGP routers in AS65000 can reach r4 prefixes

r1#sh run | s ip route
ip route 0.0.0.0 0.0.0.0 Null0
r1#sh run | s router ospf 1
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
 default-information originate
r1#
r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.255.252
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

Line 2 is a default route statement to Null0, and line 16 lets OSPF advertise a default route. An interesting property of OSPF is that you can still advertise a default route without a default route statement by using default-information originate always. Lines 2 and 16 establish reachability from the non-BGP-speaking router to r4’s prefixes. However, the reply has to get back to the originating source, so line 23 lets r4 know how to reply to the originating source, which in this case is r2’s prefixes.

Let’s go over to r2 and see the routing table and test the reachability from r2 to r4 prefixes.


r2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/51] via 192.168.0.1, 1d00h, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/51] via 192.168.0.10, 1d00h, Serial0/0
     192.168.0.0/30 is subnetted, 3 subnets
O       192.168.0.4 [110/100] via 192.168.0.10, 1d00h, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.0.1, 00:55:49, Serial0/1
r2#tclsh
r2(tcl)#foreach ip {
+>(tcl)#10.0.0.1
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.9
+>(tcl)#} {ping $ip}

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2(tcl)#

The pings from r2 to r4’s prefixes were successful because the router itself originates the echo and r4 knows how to reply to r2. But if the ping is sent from source IP address 10.20.0.1, the echo times out, because r4 has no knowledge of the 10.20.0.0/24 route.


r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
.....
Success rate is 0 percent (0/5)

Advertise r2 prefix into bgp


r1#sh run | s router bgp
router bgp 65000
 synchronization
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 network 10.20.0.0 mask 255.255.255.0
 network 192.168.0.0 mask 255.255.255.252
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.0.14 remote-as 65100
 no auto-summary
r1#

Line 6 is the added network statement. r1 knows 10.20.0.0/24 through OSPF, and the BGP network statement advertises a route that exists in r1’s routing table.

r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#

This time r2’s prefix 10.20.0.0/24 gets an echo reply from r4’s prefix, because 10.20.0.0/24 has been advertised to r4 via eBGP.


r4#sh ip route bgp | beg Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
B        10.20.0.0/24 [20/51] via 192.168.0.13, 00:05:13
      172.17.0.0/28 is subnetted, 3 subnets
B        172.17.1.0 [20/0] via 192.168.0.22, 1d00h
B        172.17.1.16 [20/0] via 192.168.0.22, 1d00h
B        172.17.1.32 [20/0] via 192.168.0.22, 1d00h
      192.168.0.0/24 is variably subnetted, 6 subnets, 2 masks
B        192.168.0.0/30 [20/0] via 192.168.0.13, 00:59:00
B        192.168.0.16/30 [20/0] via 192.168.0.22, 1d00h
r4#
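
The reasoning behind the failed and successful extended pings can be checked with a small model. This is an added example, not part of the original lab: the routing tables are constructed and reduced to the prefixes discussed here, the /30 masks on r4's connected networks are assumptions, and transit routers are assumed to forward correctly.

```python
import ipaddress as ip

def nets(*cidrs):
    return {ip.ip_network(c) for c in cidrs}

def lookup(rib, addr):
    """Longest-prefix match: most specific route covering addr, or None."""
    hits = [n for n in rib if ip.ip_address(addr) in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def originated(network_stmts, rib):
    """BGP `network ... mask ...` rule: advertise only prefixes that exist
    in the routing table with exactly the same prefix and mask."""
    return {n for n in network_stmts if n in rib}

def ping_ok(src, dst, src_rib, dst_rib):
    """The echo needs a route to dst at the sender; the reply needs a
    route back to src at the target."""
    return lookup(src_rib, dst) is not None and lookup(dst_rib, src) is not None

# Constructed routing tables (not router output).
R1_RIB = nets("1.1.1.1/32", "192.168.0.0/30", "192.168.0.4/30",
              "192.168.0.12/30", "10.20.0.0/24")  # 10.20.0.0/24 known via OSPF
R2_RIB = nets("0.0.0.0/0", "10.20.0.0/24", "192.168.0.0/30", "192.168.0.8/30")
R4_CONNECTED = nets("10.0.0.0/30", "192.168.0.12/30")  # masks assumed

def r4_rib(r1_network_stmts):
    # Simplification: everything r1 originates reaches r4 over eBGP.
    return R4_CONNECTED | originated(r1_network_stmts, R1_RIB)

BEFORE = nets("192.168.0.0/30")                  # r1 network statements, first config
AFTER = nets("192.168.0.0/30", "10.20.0.0/24")   # after adding line 6

if __name__ == "__main__":
    for label, stmts in (("before", BEFORE), ("after", AFTER)):
        rib = r4_rib(stmts)
        print(label,
              "| from 192.168.0.2:", ping_ok("192.168.0.2", "10.0.0.1", R2_RIB, rib),
              "| from 10.20.0.1:", ping_ok("10.20.0.1", "10.0.0.1", R2_RIB, rib))
```

A network statement for a prefix that is not in r1's table with the exact same mask, such as 10.20.0.0/16 in this model, originates nothing, so r4 would still have no return route.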

Advertise specific r4 prefix into OSPF in AS65000

Suppose advertising a default route in OSPF is not desirable and only one r4 prefix should be advertised. I can add a static route and then redistribute it into OSPF.

r1#sh run | s router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute static subnets
 passive-interface default
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
r1#sh run | s ip route
ip route 10.0.0.0 255.255.255.252 192.168.0.14
r1#

r2’s routing table

r2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/51] via 192.168.0.1, 1d00h, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/51] via 192.168.0.10, 1d00h, Serial0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2    10.0.0.0/30 [110/20] via 192.168.0.1, 00:02:15, Serial0/1
     192.168.0.0/30 is subnetted, 3 subnets
O       192.168.0.4 [110/100] via 192.168.0.10, 1d00h, Serial0/0
r2#

r1’s BGP router process still advertises the 10.20.0.0/24 prefix to its eBGP neighbor. Hence let’s test reachability using source address 10.20.0.1 and destination address 10.0.0.1.

r2#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.20.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#

2 Responses to BGP: Injecting IGP route into BGP without redistribution

  1. Praveen says:

    Such a great article pls keep going…………………….
