Router only speaks IGP in BGP network
Dear all In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? thanks -- Tarig Y. Adam CTO - SUIN www.suin.edu.sd
In a message written on Thu, Dec 23, 2010 at 09:18:57PM +0300, Tarig Yassin wrote:
In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem?
Sounds like the textbook case of how folks use MPLS. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Hello Tarig, Setup a gre tunnel between the two bgp speakers and do ibgp over the gre tunnel? (not clean but it works) or mpls.. If you implement the other solution mentioned you're creating routing loops. On 23 December 2010 19:18, Tarig Yassin <tariq198487@hotmail.com> wrote:
Dear all
In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem?
thanks
-- Tarig Y. Adam CTO - SUIN www.suin.edu.sd
-- Wouter Prins wp@null0.nl
You could use a GRE tunnel to get traffic from one edge BGP outer to the other edge BGP router. Then run BGP over this link. - Brian J.
-----Original Message----- From: Tarig Yassin [mailto:tariq198487@hotmail.com] Sent: Thursday, December 23, 2010 12:19 PM To: nanog; afnog@afnog.org Subject: Router only speaks IGP in BGP network
Dear all
In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem?
thanks
-- Tarig Y. Adam CTO - SUIN www.suin.edu.sd
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
On 12/25/2010 3:36 AM, Mark Tinka wrote:
On Friday, December 24, 2010 07:26:43 am Randy Bush wrote:
and do NOT redistribute bgp into ospf.
This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out.
Mark.
If you're only redistributing 10 prefixes into OSPF? Problem?
On Sat, 25 Dec 2010 08:52:42 -0500 ML <ml@kenweb.org> wrote:
On 12/25/2010 3:36 AM, Mark Tinka wrote:
On Friday, December 24, 2010 07:26:43 am Randy Bush wrote:
and do NOT redistribute bgp into ospf.
This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out.
Mark.
If you're only redistributing 10 prefixes into OSPF? Problem?
I've had to do it when transitioning between a legacy ISP routing domain and a "BGP for everything" model. The old routing domain had customer routes in both OSPF and BGP, while the new one used BGP for customer routes only. As I had to make the new network customer routes visible in the old network, and the legacy network didn't have a complete BGP mesh or RR setup (i.e. a broken BGP model), pushing routes from new BGP into old OSPF was the only choice. I liberally used the OSPF external route tag and BGP communities to classify routes and to control redistribution and avoid redistribution loops. So you can do it, as long as you're very careful, and make sure you keep reminding yourself that you're playing with a loaded gun with the safety off. Something definitely worth avoiding if you can. Regards, Mark.
On Sat, Dec 25, 2010 at 08:52:42AM -0500, ML wrote:
If you're only redistributing 10 prefixes into OSPF? Problem?
I know I'm a little late to this thread, but figured I'd point out one reason why this can be very dangerous: In IOS, you use a route-map to control redistribution between protocols. For example, if you want to redist just those BGP prefixes tagged with a specific community into OSPF, you will probably configure something that looks like this: route-map bgp-to-ospf permit 10 match community $COMMUNITY ! route-map bgp-to-ospf deny 20 ! router ospf $PID redistribute bgp $ASN subnets route-map bgp-to-ospf Now, consider the following failure scenarios: 1. Someone typo's a BGP config elsewhere in your network and attaches $COMMUNITY to a whole bunch more routes... say, all 350k being sent by your upstream provider. *oops* 2. An engineer thinks that there's something wrong with the redistribution and decides to temporarily disable it as part of the troubleshooting process. He types the following: conf t router ospf $PID no redistribute bgp $ASN subnets route-map bgp-to-ospf *boom* He just dumped all BGP routes into OSPF, due to the way IOS parses the command: it removes the route-map but leaves the redistribution intact. To be fair, Cisco does provide you with tools to mitigate this risk (see the "redistribute maximum-prefix" command) but the point is that this is a fairly easy mistake to make. At the end of the day, the reason that many folks advise against the redistribution of BGP into an IGP is that it sets the stage for a seemingly insignificant mistake to cause a not-so-insignificant outage. --Jeff
On Jan 3, 2011, at 8:02 PM, Jeff Aitken <jaitken@aitken.com> wrote:
On Sat, Dec 25, 2010 at 08:52:42AM -0500, ML wrote:
If you're only redistributing 10 prefixes into OSPF? Problem?
I know I'm a little late to this thread, but figured I'd point out one reason why this can be very dangerous:
In IOS, you use a route-map to control redistribution between protocols. For example, if you want to redist just those BGP prefixes tagged with a specific community into OSPF, you will probably configure something that looks like this:
route-map bgp-to-ospf permit 10 match community $COMMUNITY ! route-map bgp-to-ospf deny 20 ! router ospf $PID redistribute bgp $ASN subnets route-map bgp-to-ospf
Now, consider the following failure scenarios:
1. Someone typo's a BGP config elsewhere in your network and attaches $COMMUNITY to a whole bunch more routes... say, all 350k being sent by your upstream provider. *oops*
2. An engineer thinks that there's something wrong with the redistribution and decides to temporarily disable it as part of the troubleshooting process. He types the following:
conf t router ospf $PID no redistribute bgp $ASN subnets route-map bgp-to-ospf
*boom*
He just dumped all BGP routes into OSPF, due to the way IOS parses the command: it removes the route-map but leaves the redistribution intact. To be fair, Cisco does provide you with tools to mitigate this risk (see the "redistribute maximum-prefix" command) but the point is that this is a fairly easy mistake to make.
At the end of the day, the reason that many folks advise against the redistribution of BGP into an IGP is that it sets the stage for a seemingly insignificant mistake to cause a not-so-insignificant outage.
--Jeff
This is an interesting point. But why cisco *no* command does not remove the redistribute , I think it should do. Thanks
On 12/25/2010 3:36 AM, Mark Tinka wrote:
On Friday, December 24, 2010 07:26:43 am Randy Bush wrote:
and do NOT redistribute bgp into ospf.
This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out.
Oh please. OSPF loves it when you shove a few 100k routes into it. -- Jeremy L. Gaddis
participants (11)
-
Brian Johnson
-
Jeff Aitken
-
Jeremy L. Gaddis
-
Leo Bicknell
-
Mark Smith
-
Mark Tinka
-
ML
-
Randy Bush
-
Tarig Ahmed
-
Tarig Yassin
-
Wouter Prins