Objectives:
- Configure OSPF as IGP for R1, R2, R3
- Configure iBGP between R1 and R2
- Configure iBGP between R4 and R5
- Configure eBGP between R1 and R4
- Configure eBGP between R2 and R5
Relevant configurations are posted below so let's get started.
First let's get R1, R2, R3 configured with OSPF as its IGP and let R1 and R2 originate default into the OSPF domain. Relevant configurations are below.
R1#sh run int fast1/0
interface FastEthernet1/0
description Connected to LAN
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
end
** Get the subnet 10.0.0.0/24 in the OSPF Area 0 and originate a default**
R1#sh run | sec ospf
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0
default-information originate
R2#sh run int fast1/0
interface FastEthernet1/0
description Connected to LAN
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
end
interface FastEthernet1/0
description Connected to LAN
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
end
** Get the subnet 10.0.0.0/24 in the OSPF Area 0 and originate a default**
R2#sh run | sec ospf
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0
default-information originate
R3#sh run int fast1/0
interface FastEthernet1/0
description Connected to LAN
ip address 10.0.0.3 255.255.255.0
duplex auto
speed auto
end
** Get the subnet 10.0.0.0/24 in the OSPF Area 0 **
R3#sh run | sec ospf
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0
Let's verify OSPF neighbor relationships.
 |
| Notice R3 is neighbored with R1 and R2 as configured. Now let's get R1 and R2 configured with iBGP, eBGP, and advertise 22.22.22.0/24 to our upstream ISP (R4 and R5). |
**Create a prefix-list to match only the default route. We will be using this prefix-list for a couple of route-maps **
R1#sh run | sec ip prefix
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0
** Create a route-map which we will later use to set the local preference for routes coming in from eBGP neighbors. If we do not set the local preference iBGP routes will be installed into the routing table and we will create a routing loop. **
R1#sh run | sec route-map
route-map SETEBGPLOCALPREF permit 10
set local-preference 100
** Create a route-map which we will later use to set the local preference for the default route learned via iBGP. **
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0
** Create a route-map which we will later use to set the local preference for routes coming in from eBGP neighbors. If we do not set the local preference iBGP routes will be installed into the routing table and we will create a routing loop. **
R1#sh run | sec route-map
route-map SETEBGPLOCALPREF permit 10
set local-preference 100
** Create a route-map which we will later use to set the local preference for the default route learned via iBGP. **
R1#sh run | sec route-map
route-map SETIBGPDEFLOCALPREF permit 10
match ip address prefix-list DEFONLY
set local-preference 50 ** Set iBGP learned default to be a lower preference than eBGP learned default.**
route-map SETIBGPDEFLOCALPREF permit 20
R1#sh run int fast1/1
interface FastEthernet1/1
description Connected to R2
ip address 22.22.22.1 255.255.255.0
duplex auto
speed auto
end
R1#sh run int gi2/0
interface GigabitEthernet2/0
description Connected to ISP - R4
ip address 11.11.11.1 255.255.255.0
negotiation auto
end
R1#sh run | sec bgp
router bgp 22222
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 11.11.11.4 remote-as 11111
neighbor 11.11.11.4 route-map SETEBGPLOCALPREF in ** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 22.22.22.2 remote-as 22222
neighbor 22.22.22.2 next-hop-self
neighbor 22.22.22.2 route-map SETIBGPDEFLOCALPREF in ** Default route coming in from this neighbor will have a local preference of 50 **
no auto-summary
router bgp 22222
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 11.11.11.4 remote-as 11111
neighbor 11.11.11.4 route-map SETEBGPLOCALPREF in ** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 22.22.22.2 remote-as 22222
neighbor 22.22.22.2 next-hop-self
neighbor 22.22.22.2 route-map SETIBGPDEFLOCALPREF in ** Default route coming in from this neighbor will have a local preference of 50 **
no auto-summary
**Create a prefix-list to match only the default route **
R2#sh run | sec ip prefix
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0
** Create a route-map which we will later use to set the local preference for routes coming in from eBGP neighbors. If we do not set the local preference iBGP routes will be installed into the routing table and we will create a routing loop. **
R2#sh run | sec route-map
route-map SETEBGPLOCALPREF permit 10
set local-preference 100
** Create a route-map which we will later use to set the local preference for the default route learned via iBGP. **
R2#sh run | sec route-map
route-map SETIBGPDEFLOCALPREF permit 10
match ip address prefix-list DEFONLY
set local-preference 50
route-map SETIBGPDEFLOCALPREF permit 20
interface FastEthernet1/1
description Connected to R1
ip address 22.22.22.2 255.255.255.0
duplex auto
speed auto
end
R2#sh run int g2/0
interface GigabitEthernet2/0
description Connected to ISP - R5
ip address 12.12.12.2 255.255.255.0
negotiation auto
end
R2#sh run | sec bgp
router bgp 22222
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 12.12.12.5 remote-as 11111
neighbor 12.12.12.5 route-map SETEBGPLOCALPREF in ** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 22.22.22.1 remote-as 22222
neighbor 22.22.22.1 next-hop-self
neighbor 22.22.22.1 route-map SETIBGPDEFLOCALPREF in ** Default route coming in from this neighbor will have a local preference of 50 **
no auto-summary
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 12.12.12.5 remote-as 11111
neighbor 12.12.12.5 route-map SETEBGPLOCALPREF in ** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 22.22.22.1 remote-as 22222
neighbor 22.22.22.1 next-hop-self
neighbor 22.22.22.1 route-map SETIBGPDEFLOCALPREF in ** Default route coming in from this neighbor will have a local preference of 50 **
no auto-summary
Let's verify iBGP relationship.
 |
| Verifying iBGP relationship between R1 and R2. |
Let's get R4 and R5 configured with ip address, static routes, eBGP and iBGP.
R4#sh run | incl ip route
ip route 0.0.0.0 0.0.0.0 Null0
R4#sh run int gig1/0
interface GigabitEthernet1/0
description Connected to R1
ip address 11.11.11.4 255.255.255.0
negotiation auto
end
R4#sh run int fast2/0
interface FastEthernet2/0
description Connected to R5
ip address 10.4.4.4 255.255.255.0
duplex auto
speed auto
end
R4#sh run | sec bgp
router bgp 11111
no synchronization
bgp log-neighbor-changes
network 10.4.4.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
network 10.4.4.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 10.4.4.5 remote-as 11111
neighbor 10.4.4.5 default-originate
neighbor 11.11.11.1 remote-as 22222
neighbor 11.11.11.1 default-originate
no auto-summary
R5#sh run | incl ip route
ip route 0.0.0.0 0.0.0.0 Null0
R5#sh run int g1/0
interface GigabitEthernet1/0
description Connected to R2
ip address 12.12.12.5 255.255.255.0
negotiation auto
end
R5#sh run int fast2/0
interface FastEthernet2/0
description Connected to R4
ip address 10.4.4.5 255.255.255.0
duplex auto
speed auto
end
R5#sh run | sec bgp
router bgp 11111
no synchronization
bgp log-neighbor-changes
network 10.4.4.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
network 10.4.4.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 10.4.4.4 remote-as 11111
neighbor 10.4.4.4 default-originate
neighbor 12.12.12.2 remote-as 22222
neighbor 12.12.12.2 default-originate
no auto-summary
Let's verify everything works as it should. I would probably do a clear ip bgp on R1 and R2 to get everything back to where it should be. Remember BGP is SLOW!! so it may take a while to populate everything after clear ip bgp.
At this point R1 and R2 are configured and ready to go. They are getting the right default routes installed in the routing table. If R1 internet goes down R1 will then use R2's link and get out to the internet. Everything is working fine EXCEPT R3 is not ready yet.
Notice that R3 has 2 default routes as it should so it can load balance. However pinging anything outside of R1 and R2 fails. See below.
For example, pinging R5 (12.12.12.5) fails even though we have 2 default routes. Why?
It is failing because R4 and R5 does not know about 10.0.0.0/24. We need to configure NATting on R1 and R2. Read part 2 for details on: Dual NAT for R3 and some failover scenarios.
Many more articles to come so stay tuned. As usual, if you like my posts please subscribe by clicking 'Join this site' on the right.
 |
| R1 and R2 are neighbored with R4 and R5 |
 |
| Notice there are 2 routes for 0.0.0.0 and the eBGP route has been selected as the best route. Why? Because it has a higher local preference. Thanks to our route-map. |
 |
| Notice the default route installed into the routing table is the eBGP learned default and not the iBGP learned default. |
Notice that R3 has 2 default routes as it should so it can load balance. However pinging anything outside of R1 and R2 fails. See below.
For example, pinging R5 (12.12.12.5) fails even though we have 2 default routes. Why?
It is failing because R4 and R5 does not know about 10.0.0.0/24. We need to configure NATting on R1 and R2. Read part 2 for details on: Dual NAT for R3 and some failover scenarios.
Many more articles to come so stay tuned. As usual, if you like my posts please subscribe by clicking 'Join this site' on the right.
Hello,
ReplyDeleteI would like to thank you for this Great post, I've learned a lot.
Some questions :
What IP address do we have to use on the PCs ?
Do we have to use HSRP/VRRP between R1 & R2 to represent a default GW for the entreprise Core ? in case R1 is down
Hello,
ReplyDeleteI would like to thank you for this Great post, I've learned a lot.
Some questions :
What IP address do we have to use on the PCs ?
Do we have to use HSRP/VRRP between R1 & R2 to represent a default GW for the entreprise Core ? in case R1 is down
On the PC's you would normally use the R3 (enterprise core router) as your default gateway. Towards R3 from R1/R2 you wouldn't have to use HSRP/VRRP because R1 and R2 are connected directly to R3 (via L2 switch) so OSPF should take care of default route origination. You could do ECMP (Equal Cost multipathing if you want to use both internet) or you could make R1 primary and R2 secondary.
DeleteThanks for the reply, I work for an ISP and when we provide Dual Home Internet Connection, we usually configure HSRP on R1&R2, so that if one goes down the other one would take over, and usually the R3 would be a Firewall, which the LAN PCs/Servers would use as there G/W.
ReplyDeleteWould you not think, R1&R2 should have HSRP configured.
R1 and R2 should have HSRP configured if you are not doing any routing protocols between R1, R2, and R3. So in your case if R3 is a firewall and you need to have a static routed pointed as the default gateway then you would run HSRP or some other FHRP (first hop redundancy protocol) between R1 and R2 and use that HSRP address as the next-hop default gateway on R3/firewall.
Delete