

BGP Policies Conflicting with the Internal Default

Anytime internal routers are following defaults to reach routes unknown to the AS, you should be careful not to create routing loops. A routing loop occurs when router X follows a default toward router Y, which in turn uses router X to reach the destination. The traffic will end up bouncing between routers X and Y.

The default route 0/0 is injected differently from BGP into the IGP, depending on what IGP you are using. Different scenarios will be considered, utilizing OSPF, RIP, EIGRP, and ISIS as the IGPs.

In the following scenarios, we will consider the case where routers RTA and RTF in Figure 11-11 are not directly connected. As you will see, this will make configuration harder and more vulnerable to routing loops.


Figure 11-11  Following default inside the AS; border routers not connected.

Consider Figure 11-11. Assume that AS3 is setting its policies in a primary/backup environment where the NY link is primary and the SF link is a backup. As such, RTA learns its IBGP routes with a higher local preference than its EBGP routes and will always direct its traffic toward its IBGP peer RTF. If RTG is receiving the 0/0 from both RTA and RTF, RTG must pick the default via RTF (primary); otherwise, a routing loop will occur. The following sequence of events explains why.

RTG tries to send traffic to a destination outside AS3. RTG will follow the default toward RTA. RTA has its BGP policies set to use RTF as the exit point. To reach RTF, RTA uses RTG as a first hop. RTG receives the traffic destined to the outside destination and sends it back to RTA, and the loop occurs.

To avoid the preceding situation, you can use any of the following methods:

1.  Make sure that RTA does not inject a 0/0 in the IGP unless the primary link goes down. In normal conditions, all traffic will follow the default toward RTF and will be able to exit the AS. In case of a NY link failure, RTA should start sending defaults in the IGP.


Notes:
This method works most easily in a primary/backup environment. In cases where the exit point is not defined, it is hard to figure out which router should send the default. In such cases, any border router that receives the traffic should be able to send it on its direct external link.

2.  Make sure that the border router (RTA) does not send the traffic back to the internal router (RTG), which already used it (RTA) as default. This could be done by providing a shorter path (metric-wise) via the BGP routers; for example, by having a direct physical link between RTA and RTF. If RTG uses RTA as default, RTA will use its directly connected link to send the traffic back to RTF.
3.  Run a full IBGP mesh between RTA, RTG, and RTF. RTG would learn all routes via BGP.
4.  Manipulate the metrics in such a way that the internal router (RTG) always gets a lower metric via the primary.

We already used the second method in the previous example. The third method is straightforward and will not be covered. In each of the following scenarios, we will consider a different IGP and use either the first or fourth method to solve our problem. Even though we will use just one method in addressing each case, both methods 1 and 4 can be used with any of the IGPs.

To make our problem easier, we will assume that RTA and RTF are dynamically getting a 0/0 default from their providers (regardless of whether they need it). The following discussions experiment with how injecting defaults is treated in a Cisco environment.

Using OSPF as IGP

You can inject the 0/0 default into OSPF by using the following router command:

   default-information originate [always] [metric value] [metric-type type] [route-map name]

The default-information originate command (without the always keyword) will inject a default 0/0 into OSPF only if the router itself has a default. The always keyword cannot be used here because, in case of a link failure, the border router would continue to inject a default in the IGP, even though it cannot deliver the traffic anymore (remember that there is no direct link between border routers).

If RTA and RTF are both configured with the router command default-information originate, this is what could happen: RTA receives a 0/0 via EBGP and IBGP. Because RTA prefers everything via RTF (higher local preference), RTA will prefer the 0/0 via IBGP. Because RTA has a default (via BGP), it will start injecting the default into the IGP. We are in a situation where both routers are generating defaults, and a loop may occur.

You might say, because the NY link is the primary, RTA should not send any defaults. This reasoning will fail because if the NY link goes down, RTF stops advertising a 0/0 into the IGP. RTA is not sending any defaults either, so traffic cannot exit the AS.

The solution to our problems is to have RTA and RTF inject a default only if they have a default themselves and only if the default they prefer comes from EBGP. When RTA detects that it is preferring the 0/0 via EBGP rather than IBGP, it would get an indication that there is a problem with the NY link and would start sending the default. This could be achieved by using a route map in conjunction with the default-information originate router command.

RTA configuration:

    router ospf 10
     passive-interface Serial0
     network 172.16.0.0 0.0.255.255 area 0
     default-information originate route-map SEND_DEFAULT_IF

    router bgp 3
     no synchronization
     network 172.16.220.0 mask 255.255.255.0
     network 172.16.70.0 mask 255.255.255.0
     neighbor 172.16.20.1 remote-as 1
     neighbor 172.16.20.1 filter-list 10 out
     neighbor 172.16.50.1 remote-as 3
     neighbor 172.16.50.1 route-map setlocalpref in
     no auto-summary

    ip as-path access-list 10 permit ^$

    access-list 1 permit 0.0.0.0
    access-list 2 permit 172.16.20.1

    route-map setlocalpref permit 10
     set local-preference 300

    route-map SEND_DEFAULT_IF permit 10
     match ip address 1
     match ip next-hop 2

Note the route map SEND_DEFAULT_IF associated with the default-information originate router command. This route map matches on the condition that the 0/0 default (access-list 1) has a next hop of 172.16.20.1 (access-list 2). This satisfies the condition that the 0/0 is learned via EBGP rather than IBGP. If this is the case, RTA will detect a link failure in NY and will start injecting its own 0/0 into OSPF.
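The three origination choices discussed in this section can be compared in a small model. The following Python sketch is an added example, not part of the original text or of any Cisco tooling: it traces a packet from RTG for each policy with the NY link up and down. The policy names ("plain", "primary-only", "route-map"), the function names, and the assumptions that the SF link stays up and that RTF prefers its own NY link are hypothetical simplifications.

```python
# Added illustration: toy model of the RTA - RTG - RTF chain (no direct RTA-RTF link).
# Router and link names come from the text; policy names and functions are hypothetical.
EXIT_LINK = {"RTA": "SF", "RTF": "NY"}


def best_default(router, ny_up):
    """Source of the router's preferred 0/0: 'EBGP' or 'IBGP' (SF link assumed up)."""
    if router == "RTF":
        return "EBGP" if ny_up else "IBGP"   # assumption: RTF prefers its own NY link
    return "IBGP" if ny_up else "EBGP"       # RTA: local preference 300 on IBGP routes


def originators(policy, ny_up):
    """Border routers that inject 0/0 into the IGP under the given policy."""
    injecting = []
    for router in ("RTA", "RTF"):
        source = best_default(router, ny_up)
        if policy == "plain":            # originate whenever any default is present
            inject = source is not None
        elif policy == "primary-only":   # RTA never originates; RTF only while NY is up
            inject = router == "RTF" and ny_up
        else:                            # "route-map": preferred 0/0 must come from EBGP
            inject = source == "EBGP"
        if inject:
            injecting.append(router)
    return injecting


def trace_from_rtg(policy, ny_up, rtg_prefers="RTA"):
    """Follow a packet for an outside destination from RTG and return the outcome."""
    injecting = originators(policy, ny_up)
    if not injecting:
        return "dropped at RTG: no default in the IGP"
    # rtg_prefers models the worst case: RTG's best IGP default points at that router.
    border = rtg_prefers if rtg_prefers in injecting else injecting[0]
    if best_default(border, ny_up) == "EBGP":
        return f"RTG -> {border} -> exit via {EXIT_LINK[border]}"
    # The border router's BGP exit is its IBGP peer, reachable only back through RTG.
    return f"RTG -> {border} -> RTG -> {border} ... loop"


if __name__ == "__main__":
    for policy in ("plain", "primary-only", "route-map"):
        for ny_up in (True, False):
            print(f"{policy:12} NY {'up' if ny_up else 'down'}: "
                  f"{trace_from_rtg(policy, ny_up)}")
```

Only the "route-map" policy, which corresponds to the SEND_DEFAULT_IF condition above, delivers traffic in both link states in this model.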

