BGP Policies Conflicting with the Internal Default
Anytime internal routers are following defaults to reach routes unknown to the AS, you should be careful not to create routing loops. A routing loop occurs when router X follows a default toward router Y, which in turn uses router X to reach the destination. The traffic will end up bouncing between routers X and Y.
The default route 0/0 is injected differently from BGP into the IGP, depending on what IGP you are using. Different scenarios will be considered, utilizing OSPF, RIP, EIGRP, and ISIS as the IGPs.
In the following scenarios, we will consider the case where routers RTA and RTF in Figure 11-11 are not directly connected. As you will see, this will make configuration harder and more vulnerable to routing loops.
Figure 11-11 Following default inside the AS; border routers not connected.
Consider Figure 11-11. Assume that AS3 is setting its policies in a primary/backup environment where the NY link is primary and the SF link is a backup. As such, RTA learns its IBGP routes with a higher local preference than its EBGP routes and will always direct its traffic toward its IBGP peer RTF. If RTG is receiving the 0/0 from both RTA and RTF, RTG must pick the default via RTF (primary); otherwise, a routing loop will occur. The following sequence of events explains why.
RTG tries to send traffic to a destination outside AS3. RTG will follow the default toward RTA. RTA has its BGP policies set to use RTF as the exit point. To reach RTF, RTA uses RTG as a first hop. RTG receives the traffic destined to the outside destination and sends it back to RTA, and the loop occurs.
To avoid the preceding situation, you can use any of the following methods:
Notes:
This method works most easily in a primary/backup environment. In cases where the exit point is not defined, it is hard to figure out which router should send the default. In such cases, any border router that receives the traffic should be able to send it on its direct external link.
We already used the second method in the previous example. The third method is straightforward and will not be covered. In each of the following scenarios, we will consider a different IGP and use either the first or fourth method to solve our problem. Even though we will use just one method in addressing each case, both methods 1 and 4 can be used with any of the IGPs.
To make our problem easier, we will assume that RTA and RTF are dynamically getting a 0/0 default from their providers (regardless of whether they need it). The following discussions experiment with how injecting defaults is treated in a Cisco environment.
Using OSPF as IGP
You can inject the 0/0 default into OSPF by using the following router command:
default-information originate [always] [metric value] [metric-type type] [route-map name]
The default-information originate (without the always keyword) will inject a default 0/0 into OSPF only if the router itself has a default. The always keyword cannot be used here because, in case of a link failure, the border router would continue to inject a default in the IGP, even though it cannot deliver the traffic anymore (remember that there is no direct link between border routers).
If RTA and RTF are both configured with the router command default-information originate, this is what could happen: RTA receives a 0/0 via EBGP and IBGP. Because RTA prefers everything via RTF (higher local preference), RTA will prefer the 0/0 via IBGP. Because RTA has a default (via BGP), it will start injecting the default into the IGP. We are in a situation where both routers are generating defaults, and a loop may occur.
You might say, because the NY link is the primary, RTA should not send any defaults. This reasoning will fail because if the NY link goes down, RTF stops advertising a 0/0 into the IGP. RTA is not sending any defaults either, so traffic cannot exit the AS.
The solution to our problems is to have RTA and RTF inject a default only if they have a default themselves and only if the default they prefer comes from EBGP. When RTA detects that it is preferring the 0/0 via EBGP rather than IBGP, it would get an indication that there is a problem with the NY link and would start sending the default. This could be achieved by using a route map in conjunction with the default-information originate router command.
RTA configuration:
router ospf 10
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map SEND_DEFAULT_IF
router bgp 3
 no synchronization
 network 172.16.220.0 mask 255.255.255.0
 network 172.16.70.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.50.1 remote-as 3
 neighbor 172.16.50.1 route-map setlocalpref in
 no auto-summary
ip as-path access-list 10 permit ^$
access-list 1 permit 0.0.0.0
access-list 2 permit 172.16.20.1
route-map setlocalpref permit 10
 set local-preference 300
route-map SEND_DEFAULT_IF permit 10
 match ip address 1
 match ip next-hop 2
Note the route map SEND_DEFAULT_IF associated with the default-information originate router command. This route map matches on the condition that the 0/0 default (access-list 1) has a next hop of 172.16.20.1 (access-list 2). This satisfies the condition that the 0/0 is learned via EBGP rather than IBGP. If this is the case, RTA will detect a link failure in NY and will start injecting its own 0/0 into OSPF.
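The loop described for Figure 11-11 and the effect of the SEND_DEFAULT_IF condition can be checked with a small model. This is an added example, not code from the book: the function names are hypothetical, and RTF's local-preference values and RTA's EBGP value of 100 are assumptions (only RTA's 300 on IBGP routes is taken from the configuration above).

```python
# Constructed model of Figure 11-11: RTA -- RTG -- RTF, no direct RTA-RTF link.
# RTA's external link is SF (backup); RTF's external link is NY (primary).
EXTERNAL = {"RTA": "SF", "RTF": "NY"}
PEER = {"RTA": "RTF", "RTF": "RTA"}
# Local preference each border router gives 0/0 by source. RTA's 300 for IBGP
# is from the page; the remaining values are assumptions for this model.
LOCAL_PREF = {"RTA": {"ebgp": 100, "ibgp": 300},
              "RTF": {"ebgp": 300, "ibgp": 100}}

def best_default(router, links_up):
    """Return 'ebgp', 'ibgp' or None: how the router's preferred 0/0 was learned."""
    candidates = []
    if EXTERNAL[router] in links_up:
        candidates.append("ebgp")
    # Simplification: the peer's EBGP default is always visible over IBGP
    # while the peer's external link is up.
    if EXTERNAL[PEER[router]] in links_up:
        candidates.append("ibgp")
    return max(candidates, key=lambda s: LOCAL_PREF[router][s], default=None)

def originators(links_up, conditional):
    """Border routers that inject 0/0 into OSPF.
    conditional=False: plain default-information originate (any default will do).
    conditional=True : route map requires the preferred 0/0 to be EBGP-learned."""
    wanted = {"ebgp"} if conditional else {"ebgp", "ibgp"}
    return {r for r in EXTERNAL if best_default(r, links_up) in wanted}

def outcomes(links_up, conditional):
    """Fate of RTG's outbound traffic for each default RTG could end up following."""
    result = {}
    for border in sorted(originators(links_up, conditional)):
        if best_default(border, links_up) == "ebgp":
            result[border] = "exits via " + EXTERNAL[border]
        else:
            # The border router prefers the IBGP exit, and its only path to
            # the peer leads back through RTG.
            result[border] = "loop RTG<->" + border
    return result or {"none": "no default, traffic dropped"}

if __name__ == "__main__":
    for links in ({"NY", "SF"}, {"SF"}):
        for cond in (False, True):
            print(sorted(links), "conditional" if cond else "plain", outcomes(links, cond))
```

With both links up, the unconditional case leaves RTG a default via RTA that loops, while the conditional case leaves only RTF's default; with NY down, the conditional case leaves only RTA's default toward SF.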