BGP configuration

Hi all

Please can someone help me understand this concept...

Let me show you the scenario

a single MPLS of ISP connection come to my router and my router in the DMZ servers

I have to connect to the remote server to my server DMZ

The ISP gave me the details of BGP configure

now what do I Route my private network for remote servers...

I run NAT on my router to go through the ISP connection... now I can ping to the gateway of the ISP and can see all the router in table bgp #sh

is this correct or I need to directly transfer traffic from the internal network of ISP through BGP... or

Do I have to create Tunnels... If the Tunnels are necessary then I need to know the remote desktop

Thank you very much in advance

You have 1 site that has a circuit of mpls and the other doesn't, or go in the same provider and SPLM on both sides? If you have mpls on both sides by the same provider, it should be as easy as peering with the supplier with bgp on both sides and advertising then your internal subnets. If you have the public internet between you, you will need tunnels of lan-to-lan creat between two routers. Here is a guide to help you to do:

http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080094634.shtml

HTH,
John

Please note all useful messages *.

Tags: Cisco Network

Similar Questions

When to use BGP-address family?

I often see BGP configured on a router of the provider (P/PE) like this (he is a true router just anonymizated extract);

router bgp 12345

Remote 1.1.1.1 neighbor - as 12345. iBGP peer

ipv4 address family

Remote 1.1.1.1 neighbor - as 12345. iBGP peer

vpnv4 address family

Remote 1.1.1.1 neighbor - as 12345. iBGP peer

address ipv4 vrf Customer1 family

neighbor 10.0.0.1 remote - as 67890! eBGP peer
- I understand the CE peering defined under the 'family of addresses ipv4 vrf Customer1' because we put their journey in this VRF
- I understand that "address-family vpnv4" is used to define peers from iBGP provider to be attached, carrying this customer VRF to another CE
- Finally, I understand that a provider's router is an iBGP peer so that it is set directly under "router bgp 12345".
What is the need for a 'family of ipv4 addresses' (without the vrf) here or never?

What it does the output as 'normal' neighbor definitions (those who are directly under "router bgp 12345") and nearby definitions vpnv4, do not provide?

Hello

The BGP, as you know, has a capacity of Multiprotocol - in one sitting, it is capable of carrying information about the various routed protocols (IPv4 Unicast, Multicast IPv4, IPv6 Unicast, Multicast IPv6, VPNv4, CLNP), in the jargon of BGP called "address families. With being a true multiprotocol routing protocol BGP, however, you all way to say BGP address what families should be exchanged with a neighbor especially. We are accustomed to the fact that, if we define a neighboring IPv4, we intend to Exchange IPv4 routes with this neighbour - but why is making a rule? Why do assumptions early on the address simply family because the address of the neighbor is from a family special itself?

That's the point behind the controls of the address family . Definition of a neighbor in a particular address family means we want to Exchange routes of specific address with this neighbour family. No no not a neighbor listed under a particular address family means that we do not expect to exchange information of this family of addresses with this neighbour.

Now, ipv4 address family says neighbors with whom we want to Exchange normal IPv4 unicast routes. It's perhaps surprising because to Exchange IPv4 routes with a neighbor, just simply set this neighbour by its address. The fact is that for backward compatibility with older BGP versions that were not Multiprotocol-capable, the BGP attributes implicitly defined all the neighbors to a section of the invisible -ipv4 address family . In other words, as soon as you set a neighbor, it is automatically added to a section of the invisible -ipv4 address family so that you don't have to do it manually.

You can change, however. First of all, if you enter the BGP configuration command bgp upgrade-cli , you will find that the BGP configuration has been converted entirely to the family style address configuration. Outside any family address stanzas, only the nearby base settings are configured as their addresses, as numbers, updated sources. However, all orders by family of remaining addresses will be automatically moved into the stanzas of the address family. The behavior or BGP operations do not change with this new style of configuration, only the format of configuration is changed.

In addition, if you enter the No bgp ipv4 unicast default command configuring BGP, BGP will prevent you from automatically assigning each neighbour newly defined in the section of the ipv4 address family . You then must add each neighbor set to each scheduled automatically - address family it does automatically for you more.

So to wrap - ipv4 address family is in fact a pervasive section in the BGP configuration but for reasons of backward compatibility, it is not visible by default. However, the configuration can be converted into a configuration by address-family-strict, and in fact, I would recommend that for all new deployments.

Please feel welcome to ask for more!

Best regards

Peter

BGP announcement: How do I remove the attributes "next hop" and "metrics" inherited from OSPF?

Hello

I use a router THAT WAN Cisco ASR1001 connected via BGP AS65075 with our ISP.

This router is connected through OSPF with our Cisco 7206VXR/NPE-G2 firewall.

Topology:

ISP <- bgp="" -="">RT 1001 <- ospf="" -="">FW 7206 <->LAN

On the WAN router, static routes are set to null0 to always announce our class C networks.

Route IP 192.168.10.0 255.255.255.0 Null0 250

...

Network guidelines are placed in our BGP configuration:

router bgp 65075

The log-neighbor BGP-changes

neighbor EBGP-PEER-IPv4-peer group

EBGP-PEER-IPv4 neighbor fall-over bfd

neighbour 192.168.88.138 distance - as 65200

192.168.88.138 a neighbor EBGP peers PEERS-IPv4

192.168.88.138 ISP IPv4 neighbor description

next password 192.168.88.138 7 unknown

!

ipv4 address family

...

network 192.168.10.0

...

a neighbor EBGP-PEER-IPv4 soft-reconfiguration inbound

EBGP-PEER-IPv4 neighbor distribute-list prefix-v4 on

an EBGP-PEER-IPv4 neighbor prefix-maximum 100

neighbor EBGP-PEER-IPv4-1 filter list out

neighbor 192.168.88.138 activate

neighbor 192.168.88.138 filter-list 2

output-address-family

A part of these networs are also learned through OSPF. If these routes are present in the routing table:

RT-01 #sh ro ip 192.168.10.0

Routing for 192.168.10.0/24 entry

Known via "ospf 1", distance 110, metric 20, type extern 2, metric 1 forward

Published by bgp 65075

Last update to 192.168.0.79 on Port - channel1.28, 7w0d there is

Routing descriptor blocks:

* 192.168.0.79, from 192.168.0.71, 7w0d there is, through Port - channel1.28

See metric: 20, number of share of traffic is 1

Because these roads are active in the rounting table. Announcing BGP based on his and attributes "next hop" and "metric" are inherited from OSPF:

RT-01 #sh ip bgp neighbors 192.168.88.138 announced-routes

...

Network Next Hop path metrics LocPrf weight

...

* > 192.168.10.0 192.168.0.79 20 32768 I

...

Is it possible to remove the legacy of OSPF into BGP attributes?

How to set the "next hop" to the value 0.0.0.0 and "metric" to 0?

Thank you

Best regards

Jérôme

Hello Berthier,

NEXT_HOP is a hill & attribute mandatory path including the eBGP value is the IP address of the BGP peer (specified in the neighbor's remote control) where the router learns the prefix. Thus, your peers (eBGP) will still see the IP 192.168.88.138 in your BGP Next Hop as updates. I agree you the output of the command ' sh ip bgp neighbors 192.168.88.138 roads announced "can be confusing, but not worried about it.

Metric 20 is cause of path must be acquired by OSPF. Copy in default atributte MED BGP metric. So I see that you have only a peer is very important change this value because MED is not transitive, if this value is not propagated by other ACE access your provider. Anyway, if you want to change, you must:

1. create a list of prefixes with one or more prefixes that you want to "reset" the MED value:

list of prefixes prefix-to-reset-MED seq 5 permit 192.168.10.0/24

list of prefixes prefix-to-reset-MED seq 10 permit X.X.X

2. create a roadmap

allowed to reset - MED card route 5

match of prefix-to-reset-MED IP prefix-list

the metric value 0

road map provided to zero-MED allowed 10

!

The last road map is necessary to ensure that the rest of the prefixes are sent.

3. apply the road map

a neighbor EBGP-PEER-IPv4-roadmap given to zero-MED on

Concerning

ASA 5510 BGP

Hi all,

I have a new BGP configuration that consists of two asa 5510 and two routers 2911 in the back. My question is: do asa 5510 support BGP?

Thank you.

Hi Sotiris,

Unfortunately, the ASA does not support BGP (you can peer through the ASA but the ASA cannot be a peer BGP itself). The following link has a list of supported on the SAA routing protocols:

http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/route_overview.html

-Mike

"bgp as path bestpath ignores" in 1006 ASR

Hi all

I want to configure BGP to ignore as the path for the best choice of path to the router ASR 1006. But in BGP configuration mode, this isn't the option as path access list. It's showing as unrecognized command.

RTR1(config-router)#bgp bestpath ?

compare-routerid Compare router-id for identical EBGP paths

cost-community cost community

igp-metric igp metric

med MED attribute

prefix-validate Prefix origin validation

RTR1(config-router)#

IOS version details are:

RTR1#sh ver

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(4)

S, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Compiled Mon 23-Jul-12 20:02 by mcpre

IOS XE Version: 03.07.00.S

licensed under the GNU General Public License ("GPL") Version 2.0. The

software code licensed under GPL Version 2.0 is free software that comes

with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such

GPL code under the terms of GPL Version 2.0. For more details, see the

documentation or "License Notice" file accompanying the IOS-XE software,

or the applicable URL provided on the flyer accompanying the IOS-XE

software.

ROM: IOS-XE ROMMON

RTR1 uptime is 31 weeks, 17 hours, 51 minutes

Uptime for this control processor is 31 weeks, 17 hours, 53 minutes

System returned to ROM by reload

System restarted at 23:29:29 IST Sat Apr 6 2013

System image file is "bootflash:/asr1000rp2-adventerprisek9.03.07.00.S.152-4.S.bin"

Last reload reason: PowerOn

Any help would be appreciated.

Thanks to all in advance

Irfan,

The command can be hidden, but maybe it can be accepted if you type in its entirety. See here, this is a 2691 12.4 (15) T13 IOS:

R1(config)#router bgp 1

R1(config-router)#bgp bestpath ?

compare-routerid Compare router-id for identical EBGP paths

cost-community cost community

med MED attribute

R1(config-router)#bgp bestpath as-path ?

% Unrecognized command

R1(config-router)#bgp bestpath as-path ignore ?

% Unrecognized command

R1(config-router)#bgp bestpath as-path ignore

R1(config-router)#do show run | sec router bgp

router bgp 1

no synchronization

bgp log-neighbor-changes

bgp bestpath as-path ignore

no auto-summary

Best regards

Peter

Change of advertising for the BGP subnet

Probably a simple question, but my skills BGP are almost nothing... apologies in advance.

Scenario:

CompanyABC has a 22 1.1.0.0 subnet. The 22 full announced out of CorpOffice1 to isps1. There is a roadmap set up that uses a prefix list to announce the outgoing subnets. Below is an example config:

BGP:

router bgp 35555

changes of the next newspaper

Remote 2.2.2.2 a neighbor - like 5555

2.2.2.2 neighbor activate

neighbor 2.2.2.2 soft-reconfiguration inbound
2.2.2.2 a neighbor ISP1_5555_out map out route

Map of the route:

ISP1_5555_out allowed 10 route map
match ip address prefix-list ISP1_Primary

List of prefixes:

IP-list of prefixes ISP1_Primary seq 10 permit 1.1.0.0/22

Lets say that CompanyABC also has another office which is also served by isps1. They want to divide the 22 subnet so that the first 3 subnets (1.1.0.0,1.1.1.0 and 1.1.2.0) are always announced to CorpOffice1, but they want to configure BGP with isps1 to CorpOffice2 and announce only the 1.1.3.0 subnet from there.

Questions:

The configuration change is not as simple as changing the prefix-list to the CorpOffice1 to announce the 3 24 subnets and configure a BGP configuration similar to CorpOffice2, but only the 1 24 subnet advertising?

Changing the configuration to CorpOffice1 would require coordination with isps1 to make this change?

(Should of course coordinate with isps1 configure BGP CorpOffice2 to announce the second subnet.)

What is time of reconfiguration CorpOffice1 stop/impact?

Thanks in advance, guys.

Yes you can do as you said. You can use following the procedure-

-Come three/24 prefixes of CorpOffice1.

-Change the prefix-list out route-map to allow three 24 prefixes.

-Ask the ISP to accept these prefixes. ISP must have applied inbound route-map to have control on the prefixes that you are advertising. It may be in a format like "prefix ip allowed list of 24 1.1.0.0/22" or may be just allowed 22 prefix. Therefore, confirmation with the ISP and this route-map change may be required.

-Once the ISP confirms that they are open/24 prefixes and advertising to the internet, you can stop advertising 22 prefix. Confirm if 24 prefixes are announced to internet or not, you can connect to any global server and look for your bgp route prefixes.

-Also, as soon as you stop the advertising/22 prefix, check if you are able to reach internet or not. If this is not the case, take a source based traceroute results and then start advertising again 22 prefix and troubleshoot it ISP below.

-Note pls useful messages-

Kind regards

Assani

MPLS BGP route push DMVPN rays

I have an MPLS with BGP. I have sites that are not connected directly to the SPLM, also, but need a VPN s2s hub sites that are connected to the SPLM and in this way they access resources MPLS. I need to communicate the changes to itinerary for the SPLM when the DMVPN fails on another hub.

Currently, this is my config:

Datacenter (MPLS only)
```
 interface GigabitEthernet0/1 description MPLS ip address 192.168.0.34 255.255.255.252 interface Vlan2 ip address 192.168.96.2 255.255.255.0 router bgp 65511 bgp log-neighbor-changes network 192.168.96.0 neighbor 192.168.0.33 remote-as 65510
```
Hub site 1 (MPLS + internet)
```
 interface Tunnel200 ip address 10.99.99.1 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map multicast dynamic ip nhrp network-id 12345 ip nhrp holdtime 600 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description MPLS ip address 192.168.1.2 255.255.255.0 secondary ip address 192.168.0.2 255.255.255.252 router bgp 65001 bgp log-neighbor-changes network 192.168.1.0 network 192.168.21.0 !10.99 clients are DMVPN spokes neighbor 10.99.99.3 remote-as 99010 neighbor 10.99.99.3 route-reflector-client neighbor 10.99.99.21 remote-as 99001 neighbor 10.99.99.21 route-reflector-client !as 65000 is the MPLS PE neighbor 192.168.0.1 remote-as 65000
```
Hub 2 site, has the same configuration, except for the local ip address and the router BGP ID.

Spoke site:
```
 interface Tunnel200 ip address 10.99.99.3 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1 ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2 ip nhrp network-id 12345 ip nhrp holdtime 600 ip nhrp nhs 10.99.99.1 priority 1 ip nhrp nhs 10.99.99.16 priority 5 ip nhrp nhs fallback 60 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description Internal ip address 192.168.3.1 255.255.255.192 router bgp 99010 bgp log-neighbor-changes network 192.168.3.0 neighbor 10.99.99.1 remote-as 65001 neighbor 10.99.99.16 remote-as 65013
```
This site speaks
```
 #sh ip route B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
```
which is the network of HUBS, but the rest of the MPLS roads are not "learned".

What Miss me?

Thank you!

192.168.21.0 is another spoke, sorry for Terseco not that. Same configuration as the op 192.168.3.0. So I make a record of the domain controller and it will the first hub and not backup

The difference is that your hubs are advertising the subnet 192.168.21.0/24 IE. you have configured it as a statement of network under your BGP configuration on the hubs and not the rays where this subnet is actually which brings me to my next point.

The hub will switch to backup when I mannualy closed the internet interface, but not the entire router. This could be a problem?

Yes because the Hub 1 site still has its MPLS connection until 192.168.21.0/24 advertising to the domain controller is.

If this subnet was announced by speak it that it belonged and not the hubs then it should be announced only by hub site 2 because the Hub 1 site is more would receive it on the site talks about.

So why are advertising a route speaks on hubs instead of reception by spoke them and transmit to the MPLS network?

Edit - for this subnet to advertise you must have a route in the IP routing for her table. How are getting you this route in the routing table, it with a route static and if yes, what is the exact route you entered?

Jon

Questions about N3024 switch by default - originate BGP

Here is the configuration of the two switches. I set up and rising BGP, passing of prefixes. I want 1 switch to send a default gateway to switch 2 and have the default installation of command on the next statement are created. I don't see the 0.0.0.0 route by default in the show ip bgp sum command, but which is detailed in the configuration guide. However, I don't see a default route 0.0.0.0 in the routing table for switch 2 at all and an error message that there is no default route available. Would I be missing here?

Config is below:

SWITCH 1

Configure

VLAN 50

output

VLAN 50

name "switchtest".

output

hostname "Switch_1.

location 1/0 1! Dell network N3024

battery

1 1 member! N3024

output

IP routing

!

loopback interface 1

IP 10.0.0.1 address 255.255.255.255

IP ospf area 0

output

interface vlan 1

DHCP IP address

output

interface vlan 50

172.16.0.1 IP address 255.255.255.252

IP ospf area 0

output

router ospf

router ID 10.0.0.1

10.0.0.1 network 255.255.255.255 area 0

network 172.16.0.0 255.255.255.252 area 0

output

!

item in gi1/0/1 interface

Description 'Switch '.

switchport access vlan 50

output

Server SNMP engineid local 800002a203f8b1566f36c4

router bgp 65001

router BGP 10.0.0.1 ID

172.168.0.0 netmask 255.255.255.252

10.0.0.1 netmask 255.255.255.255

172.16.0.2 neighbor remote - as 65002

neighbor 172.16.0.2 are created by default

output

output

Switch_1 #show ip bgp

BGP table version is 7, local router ID is 10.0.0.1

Status codes: s removed, * valid, > best, i - internal

Source codes: i - IGP, e - EGP? -incomplete

Network Next Hop metric LocPref path origin

------------------- ---------------- ---------- ---------- ------------- ------

* > 172.16.0.0/30 172.16.0.2 1 100 65002 I

* > 192.168.100.0/30 172.16.0.2 1 100 65002 I

* > I have 10.0.0.1/32 0.0.0.0 1 100 I

* > 10.0.0.2/32 172.16.0.2 1 100 65002 I

Switch_1 #show ip bgp sum

IPv4 routing... Enable

BGP Admin Mode... Enable

BGP router ID... 10.0.0.1

Local AS number... 65001

Traps ......................................... Disable

Maximum paths... 1

Maximum paths IBGP... 1

Default Keep Alive Time... 30

Default hold time... 90

Number of entries of network... 4

Number of PATHS... 1

Default metric... Not configured

Advertise default route... NO.

Redistribution:

Dist metric list of source route map

--------- ---------- -------------------------------- --------------------------------

Neighbor ASN MsgRcvd MsgSent State down time Pfx Rcvd

---------------- ----- -------- -------- ------------- -------------- ---------

172.16.0.2 65002 78 82 ESTABLISHED 0:00:23:24 3

Switch_1 #show ip route

The traffic code: R - RIP derived, O - OSPF derived, C - connected, S - static

B - Derived E - from outside, AI - BGP OSPF Inter zone

E1 - OSPF external Type 1, E2 - OSPF external Type 2

N1 - OSPF NSSA external Type 1, N2 - OSPF NSSA external Type 2

S U - unnumbered Peer, L - flight road

* Indicates the best route (the lowest metric) for the subnet.

No default gateway is configured.

*10.0.0.1/32 C [0/1] directly connected, Lo1

B *10.0.0.2/32 [20/1] via 172.16.0.2, Vl50

10.0.0.2/32 [110/11] via 172.16.0.2, Vl50

*172.16.0.0/30 C [0/1] directly connected, Vl50

B 172.16.0.0/30 [20/1] via 172.16.0.2, Vl50

B *192.168.100.0/30 [20/1] via 172.16.0.2, Vl50

192.168.100.0/30 [110/20] through 172.16.0.2, Vl50

SWITCH 2

Configure

VLAN 50 100

output

VLAN 50

name "SwitchTest".

output

VLAN 100

name of the 'Switch '.

output

hostname "Switch_2".

location 1/0 2. Dell network N3024F

battery

1 2 Member! N3024F

output

IP routing

!

loopback interface 0

output

!

loopback interface 1

10.0.0.2 IP address 255.255.255.255

output

interface vlan 1

DHCP IP address

output

interface vlan 50

IP 172.16.0.2 255.255.255.252

IP ospf area 0

output

interface vlan 100

IP 192.168.100.1 255.255.255.252

output

router ospf

router ID 10.0.0.2

10.0.0.2 network 255.255.255.255 area 0

network 172.16.0.0 255.255.255.252 area 0

network 192.168.100.0 255.255.255.252 area 0

output

!

interface item in gi1/0/23

switchport access vlan 100

output

!

interface item in gi1/0/24

Description 'Switch '.

switchport access vlan 50

output

Server SNMP engineid local 800002a203f8b156530097

router bgp 65002

router BGP 10.0.0.2 ID

172.16.0.0 netmask 255.255.255.252

192.168.100.0 netmask 255.255.255.252

10.0.0.2 netmask 255.255.255.255

neighbor remote - as 65001 172.16.0.1

output

output

Switch_2 #show ip bgp

Version of BGP table is 9, local router ID is 10.0.0.2

Status codes: s removed, * valid, > best, i - internal

Source codes: i - IGP, e - EGP? -incomplete

Network Next Hop metric LocPref path origin

------------------- ---------------- ---------- ---------- ------------- ------

* > I have 172.16.0.0/30 0.0.0.0 1 100 I

* > I have 192.168.100.0/30 0.0.0.0 1 100 I

* > 10.0.0.1/32 172.16.0.1 1 100 65001 I

* > I have 10.0.0.2/32 0.0.0.0 1 100 I

Switch_2 #show ip bgp sum

IPv4 routing... Enable

BGP Admin Mode... Enable

BGP router ID... 10.0.0.2

Local AS number... 65002

Traps ......................................... Disable

Maximum paths... 1

Maximum paths IBGP... 1

Default Keep Alive Time... 30

Default hold time... 90

Number of entries of network... 4

Number of PATHS... 1

Default metric... Not configured

Advertise default route... NO.

Redistribution:

Dist metric list of source route map

--------- ---------- -------------------------------- --------------------------------

Neighbor ASN MsgRcvd MsgSent State down time Pfx Rcvd

---------------- ----- -------- -------- ------------- -------------- ---------

172.16.0.1 65001 83 82 ESTABLISHED 0:00:24:32 1

Switch_2 #show ip route

The traffic code: R - RIP derived, O - OSPF derived, C - connected, S - static

B - Derived E - from outside, AI - BGP OSPF Inter zone

E1 - OSPF external Type 1, E2 - OSPF external Type 2

N1 - OSPF NSSA external Type 1, N2 - OSPF NSSA external Type 2

S U - unnumbered Peer, L - flight road

* Indicates the best route (the lowest metric) for the subnet.

No default gateway is configured.

B *10.0.0.1/32 [20/1] via 172.16.0.1, Vl50

10.0.0.1/32 [110/11] via 172.16.0.1, Vl50

*10.0.0.2/32 C [0/1] directly connected, Lo1

*172.16.0.0/30 C [0/1] directly connected, Vl50

*192.168.100.0/30 C [0/1] directly connected, Vl100

Switch_2 #show ip route 0.0.0.0

The traffic code: R - RIP derived, O - OSPF derived, C - connected, S - static

B - Derived E - from outside, AI - BGP OSPF Inter zone

E1 - OSPF external Type 1, E2 - OSPF external Type 2

N1 - OSPF NSSA external Type 1, N2 - OSPF NSSA external Type 2

S U - unnumbered Peer, L - flight road

* Indicates the best route (the lowest metric) for the subnet.

No default gateway is configured.

No route found.

Solution:

Dell switches need to be turned on in the config.

router bgp * AS number *.

default-information originate always

Stateful HA with BGP

Hi all

I'm new here on this forum. Please bare with me for my post :)

I use SonicWall 3600 HA Stateful configuration. We plan to enable BGP support the requirement of our endpoint connection.

My questions are:

(1) when the stateful HA is activate, is sync configuration backup device BGP?

(2) should I buy license BGP for both devices (Active/Backup)?

(3) it is ideal to use HA Stateful configuration with BGP turned on?

Hope someone can help me :)

Thanks in advance,

Joven D.

(1) when the stateful HA is activate, is sync configuration backup device BGP?

Yes, all Configurations that are Sync'd.

(2) should I buy license BGP for both devices (Active/Backup)?

# All licenses are sync'd between 2 devices, after have been related to MySonicWALL.com

(3) it is ideal to use HA Stateful configuration with BGP turned on?

With discussion with other technicians, BGP has no effect on your HA or Stateful setting. BGP as a protocol cannot be sync would be between 2 devices, as when the first goes down there will be a re-synchronization with remote anyway because it works ontop of a TCP connection. There are SIDES, but when Eve is activated it will always ask for the full table.

So in short, I don't see a downside to running Stateful HA with BGP have set up on this device.

If I find more documentation or someone else tells me otherwise I will update this thread.

Thank you
Ben D
#Iwork4Dell

configuration of VLAN and routing problem 6224 switch

I, m having a problem accessing internet to vlan 10. I can ping everything of all the VLANS. My internet router/firewall is on ethernet 1/g11 and has an ip address of 192.168.5.254. I have no problem accessing internet to vlan 20. I add a static route to my router/firewall. What Miss me? This is my first configure a layer 3 switch.

Configure
database of VLAN
VLAN 10.20
output
battery
1 1 member
output
IP 10.10.10.1 255.255.255.0
default IP gateway - 10.10.10.254
IP routing
IP route 0.0.0.0 0.0.0.0 192.168.5.254
interface vlan 10
Routing
IP 192.168.100.1 address 255.255.255.0
output
interface vlan 20
Routing

192.168.5.1 IP address 255.255.255.0
output

!
interface ethernet 1/g1
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10
output
!
interface ethernet 1/g2
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10
output
!
interface ethernet 1/g11
switchport mode general
switchport General pvid 20

No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 20
output
!
interface ethernet 1/g12
switchport mode general
switchport General pvid 20
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 20
output
!
interface ethernet 1/g13
switchport mode general
switchport General pvid 20
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 20
output
output

Route ip console #show

The traffic code: R - RIP derived, O - OSPF derived, C - connected, S - static
B - BGP derived, IA - OSPF Inter zone
E1 - OSPF external Type 1, E2 - OSPF external Type 2
N1 - OSPF NSSA external Type 1, N2 - OSPF NSSA external Type 2

S 0.0.0.0/0 [1/0] via 192.168.5.254, vlan 20
C 192.168.5.0/24 [0/0], directly connected, vlan 20
192.168.100.0/24 C [0/0], directly connected, vlan 10

Console #.

Original Site BGP attribute

Dear friends,

I tried to get a good understanding of the Site of origin of BGP attribute (not so EIGRP). I understand his idea and its impact, but there is a problem that I couldn't wrap my head around yet.

Quoting RFC 4364, Section 8:
```
                     We add one more restriction on the distribution of    routes from PE to CE: if a route's Site of Origin attribute    identifies a particular site, that route must never be redistributed    to any CE at that site. 
```
My understanding of this statement is that a site must be identifiable by a given value of the attribute of so, or in other words, there should be a way to assign a specific value of the attribute so to the entire site. Then, knowing the value of the so for the entire site, a route once appeared on this site should never be announced to him.

This is where my problems start. We know that there is not a strict mapping one to one between a site and a VRF. A site can consist of one or several VRF and is not actually represented by a single object in the IOS - it's rather a simple collection of VRF who share routing information in such a way that for mutual communication, the use of the vertebral column is not required. There is no representation of the site as a single object in the IOS and there is therefore no way to assign a particular site so as a whole. In addition, the attribute so is not yet configured on a basis of by-VRF, instead, it is pushed on the individual courses from USING a road map or a per neighbor configuration. What is so attribute on a given prefix from, then? I simply do not see how a whole VRF or an entire site is assigned its own value of so unique for comparison purposes, in a manner similar to the assignment of identifiers of road or road of targets based on per VRF.

So my question is: If the attribute so is pushed on routes from one THIS and these routes are announced to an another EP on the same site, how is the EP another knows the correct value of the site of the so so that it can compare to the so on prefixed receipt and not advertise routes to the site they came from? The VRF simply "inherits" the individual itineraries so as they are received and processed by a road-map set- ting so?

Any help and clarification is appreciated!

Best regards

Peter

Hi Peter,.

So for BGP is "related" to THAT neighbor. Thus, when a prefix must be announced to a neighbor, we check the so of the prefix with the so of the BGP neighbor. For anything else, he is bound to the interface.

The configuration can be done in four different ways (the setting of the so and the verification of the so is related to that):

(1) ' road-map in ' on what neighboring BGP command

(2) directly on the order of CE BGP neighbor

(3) plan of the site on the interface of the VRF and redistribution of the (static) IGP into BGP routes and (static), IGP point to this interface

(4) plan of the site on the command interface and network VRF

General principle (but you know it):

http://www.Cisco.com/en/us/partner/docs/iOS/ios_xe/iproute_bgp/configuration/guide/irg_neighbor_soo_xe.html

With the help of a roadmap and setting different for different prefixes from the same neighbor BGP SoO doesn't make much sense, so I guess that we were never bothered by possible nonuniqueness in the configuration when you look at what a 'site' is.

Thank you

Luke

DMVPN BGP and EIGRP

I am in the initial phase of research DMVPN. We currently have an MPLS network running BGP. Each site has Internet at home as well as a VPN site-to-site is built on the router and talks to an ASA when the SPLM fails.

I want to implement DMVPN to do away with the site to site VPN and ASA. I'm going to run EIGRP on routers to connect DMVPN. Are there any good whitepapers on BGP as the main path and by EIGRP on the DMVPN as a backup? Or no focus on a general config?

Thank you

It's really the main issue.

With your configuration DMVPN roads will be internal EIGRP of an advertisement of 90, so your default DC prefer DMVPN on MPLS, which is exactly what you don't want.

There are several ways around this as summarizing through DMPVN, redistribution connected on the sites of the branch in EIGRP so roads DMVPN are external as well and then changing measures etc.

The other alternative I have ever done so it's for your information is really Cisco have what is called a solution IWAN where DMVPN is performed everywhere that is, even through the MPLS network.

That would solve your problem of external routes internal EIGRP but IWAN vs is much more than just that, even if you do not need necessarily to implement the entire solution at a time.

I just thought that it should be mentioned, and if you want more information on this I can direct you to the design guide.

Jon

IOS XR MPLS VPN L3 + BGP error message

I use the file "iosxrv-k9-demo - 5.1.2" image on GNS3 for free practice.

When my IOS XR with MPLS L3 VPN router and assigning an interface of IOS XR to a VRF, it gives an error:

RP/0/0 / CPU0:Feb 19 20:16:50.182: bgp [1048]: ROUTING-BGP-3-RPC_SET_ERROR %: [22]: read all RPC operation: Table. Error: ' Subsystem (3373) "detected the status of 'fatal', 'Code (37)': pkg/bin/PMO: (PID = 663826):-traceback = b395988 b229e9c 8226a4b 8224bdc afb2e7c b22d857 8267050.

looking for a solution.

Hi umesh, there is a table operation handler problem that has been fixed in xr 513. When the list is empty, it returns "error", but which is not necessary to return the error, an empty list can be ok, so the sw fix that went in is to check that and return errors more detailed codes inside the s in this case table operations and PMO communition XR (which is made via RPC or remote call procedure).

few options who may be here to try:

-1 ignore it and continue the configuration

-2 set all definitions of vrf first under router bgp and everywhere where necessary before you assign it to an interface

-3 clear config, reboot, apply the new configuration step by step with the first definitions of vrf and last to apply to the interface.

-4 Download xr513 XRv.

see you soon

Xander

Duplicate BGP AS path

Hello guys,.

Today at awkward work something caught my attention.

The situation returns to BGP, when I run the command sh ip bgp, the output gives me this:

RT52162 #sh ip bgp
Version of BGP table is 56, local router ID is 10.10.0.16
Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.
r SIDE-failure, stale S
Source codes: i - IGP, e - EGP,? -incomplete

Network Next Hop path metrics LocPrf weight
* 0.0.0.0 172. **. 161 50 0 15 * 15 * 5 5 65010?
*>                                 172.**.***.169                        0          15**5 65010 ?
*> 10.**.0.16/32      0.0.0.0                    0      32768 ?
*> 10.**.0.0/16          0.0.0.0                    0            32768 ?

The part "BOLD" of the output is exactly the same thing, and this connection works on ATM.

I can't understand this question, so if someone could explain to me why this is happening or how can we solve it, I have other sites configured the with the same configuration and it gives me the same exact result.

Hello

The nearby 172.xxx.xxx.161 done AS_PATH adding by adding at the beginning of his time number one DID when advertising the default route so it is considered to be a neighbor of backup.

Concerning

Alain

Metric IGP into BGP MED copied.

Hi all

I have a problem of BGP that inherits from my IGP metric value in its attribute MED. I have an EBGP peering with my client. I send only specific to my counterpart ebgp routers using network commands in BGP.i receive the prefixes by ospf in my table.i itinerary not to redistribute these routes to bgp, but network command allows to advertise in BGP.

My question is when these prefixes are to be sent to my EBGP peer, he takes the metric value of the IGP and fasten it as value MED. This is an impact on the choice of the route of my client which is in a MPLS cloud. Is this a normal behavior... or how to stop the BGP will send this MED value.

Kind regards

Jean-Pierre

Discovering that you send to an eBGP neighbor, drugs even if you never wanted, can be a surprise, but it happens. If the injected into BGP route (either using 'network' or 'redistribute' order) comes from an IGP, MED is derived from the IGP metric, and the road was announced to a neighboring eBGP with this med. Guiseppe has already provided a solution for your problem. Another option is to inject routes into BGP using the command 'aggregate-address', in which case MED is not defined. Personally, I prefer the configuration command "network" combined with the solution that Giuseppe suggested.

BGP configuration

Similar Questions

Maybe you are looking for