- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- LAN Routing
- >
- Re: [A5500] Redundancy of static route over BGP
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2016 07:31 AM - edited 03-15-2016 03:38 PM
03-15-2016 07:31 AM - edited 03-15-2016 03:38 PM
Bonjour from France,
I have 2 IRF-stack with a layer-2 connection between them.
The second stack is on a backup site for the PCR.
IP address :
- first stack (Main site) : 10.0.0.252/24 ;
- second stack (Backup site) : 10.0.0.253/24.
I created 2 VRFs on each IRF stack :
- vpn_main (vlan 100) ;
- vpn_customerA (vlan 1002).
There is a VLAN interface for vpn_customerA VRF on each stack :
- first stack : 10.0.5.9/29 ;
- second stack : 10.0.5.10/29.
I have 2 CPE in the vpn_main VRF :
- CPE1 : 10.0.0.204/24 ;
- CPE2 : 10.0.0.203./24
CPE2 is the backup nexthop of CPE1.
CPE1 and CPE2 makes routing between 10.0.0.0/24 and 10.3.0.0/16
Each VRF is linked with the other (vpn-target 100:1 1002:1 both).
I configure BGP in 2 vpn4 family to import the static route.
In the vpn_customerA from main site I put a static route : ip route-static vpn-instance vpn_customerA 10.3.224.0 255.255.240.0 vpn-instance vpn_main 10.0.0.204
In the vpn_customerA from second site I put an other static route : ip route-static vpn-instance vpn_customerA 10.3.224.0 255.255.240.0 vpn-instance vpn_main 10.0.0.203
Finally, I have a router (10.0.5.11/29) with 2 BGP sessions :
- First with 10.0.5.9 ;
- Second with 10.0.5.10.
This router gets 10.3.224.0/20 from vpn_customerA (Main site).
but when I cut the link between this router and 10.0.5.9, I expect that a new BGP route from 10.0.5.10 will be receipt but no.
I wonder why is it always the static route over BGP...
Some help is welcome ! :)
Best regards,
Jacques
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2016 08:55 AM - edited 03-15-2016 08:58 AM
03-15-2016 08:55 AM - edited 03-15-2016 08:58 AM
Re: [A5500] Redundancy of static route over BGP
In fact, the problem is not the router 10.0.5.11 but the switch on main site.
When I down the interface where is connected 10.0.0.204 and I type display display ip routing-table vpn-instance vpn_customerA, I get :
Routing Tables: vpn_customerA
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 10.0.5.11 Vlan1002
10.0.0.0/24 BGP 130 10 10.0.0.252 Vlan100
10.0.5.8/29 Direct 0 0 10.0.5.9 Vlan1002
10.0.5.9/32 Direct 0 0 127.0.0.1 InLoop0
10.3.224.0/20 Static 60 0 10.0.0.204 Vlan100
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
When I type display ip routing-table vpn-instance vpn_customerA protocol bgp, I get :
vpn_customerA Routing Table : BGP
Summary Count : 2
BGP Routing Table Status : <Active>
Summary Count : 1
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.0/24 BGP 130 10 10.0.0.252 Vlan100
BGP Routing table Status : <Inactive>
Summary Count : 1
Destination/Mask Proto Pre Cost NextHop Interface
10.3.224.0/20 BGP 255 0 10.0.5.10 Vlan1002
So, I understand that the route doesn't switch on the other site :(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2016 12:45 PM
03-15-2016 12:45 PM
Re: [A5500] Redundancy of static route over BGP
Posting configs & drawing might help.
You're using a static route to 10.0.0.204.
This route will not disappear after shutting down the ethernet interface where 10.0.0.204 is connected!
Only when VLAN100 interface goes down, this static route will disappear..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2016 03:37 PM - edited 03-17-2016 04:04 AM
03-15-2016 03:37 PM - edited 03-17-2016 04:04 AM
Re: [A5500] Redundancy of static route over BGP
Bonsoir 16again and thank you,
So, do you think that I can find a solution to my problem while keeping the constraint to subnet 10.3.0.0/16 with /20 (or another mask) ? I can't modify the CPE's BGP configuration (these routers don't belong to me) and I need to allocate subnetwork in every future VRF without keeping the initial mask /16.
Please find a drawing in file-attach and below the configurations :
----- BEGINNING SW-MAIN-----
#
version 5.20.99, Release 5501P19
#
sysname sw-main
#
router id 10.0.0.252
#
ip vpn-instance vpn_CustomerA
route-distinguisher 1002:1
vpn-target 1002:1 100:1 export-extcommunity
vpn-target 1002:1 100:1 import-extcommunity
#
ip vpn-instance vpn_main
route-distinguisher 100:1
vpn-target 100:1 1002:1 export-extcommunity
vpn-target 100:1 1002:1 import-extcommunity
#
vlan 1
#
vlan 100
#
vlan 1002
#
interface Vlan-interface100
ip binding vpn-instance vpn_main
ip address 10.0.0.252 255.255.255.0
ospf dr-priority 255
vrrp vrid 100 virtual-ip 10.0.0.252
vrrp vrid 100 priority 254
#
interface Vlan-interface1002
ip binding vpn-instance vpn_CustomerA
ip address 10.0.5.9 255.255.255.248
ospf dr-priority 255
vrrp vrid 100 virtual-ip 10.0.5.9
vrrp vrid 100 priority 254
#
bgp 65001
default med 10
undo synchronization
#
ipv4-family vpn-instance vpn_CustomerA
peer 10.0.5.10 as-number 65001
peer 10.0.5.11 as-number 65001
network 10.3.224.0 255.255.240.0
import-route direct
peer 10.0.5.10 connect-interface Vlan-interface1002
peer 10.0.5.11 connect-interface Vlan-interface1002
#
ipv4-family vpn-instance vpn_main
peer 10.0.0.204 as-number 65289
peer 10.0.0.253 as-number 65001
peer 10.0.0.254 as-number 65001
default med 10
import-route direct
peer 10.0.0.204 connect-interface Vlan-interface100
peer 10.0.0.204 preferred-value 100
peer 10.0.0.253 connect-interface Vlan-interface100
peer 10.0.0.254 connect-interface Vlan-interface100
#
ospf 1 router-id 10.0.0.252 vpn-instance vpn_main
peer 10.0.0.253
peer 10.0.0.254
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
ospf 1002 router-id 10.0.5.9 vpn-instance vpn_CustomerA
peer 10.0.5.10
peer 10.0.5.11
area 0.0.0.0
network 10.0.5.8 0.0.0.7
#
ip route-static vpn-instance vpn_CustomerA 0.0.0.0 0.0.0.0 Vlan-interface1002 10.0.5.11
ip route-static vpn-instance vpn_CustomerA 10.3.224.0 255.255.240.0 vpn-instance vpn_main 10.0.0.204
ip route-static vpn-instance vpn_main 0.0.0.0 0.0.0.0 Vlan-interface100 10.0.0.254
----- END SW-MAIN -----
----- BEGINNING SW-BACKUP-----
#
version 5.20.99, Release 5501P19
#
sysname sw-backup
#
router id 10.0.0.253
#
ip vpn-instance vpn_CustomerA
route-distinguisher 1002:1
vpn-target 1002:1 100:1 export-extcommunity
vpn-target 1002:1 100:1 import-extcommunity
#
ip vpn-instance vpn_main
route-distinguisher 100:1
vpn-target 100:1 1002:1 export-extcommunity
vpn-target 100:1 1002:1 import-extcommunity
#
vlan 1
#
vlan 100
#
vlan 1002
#
interface Vlan-interface100
ip binding vpn-instance vpn_main
ip address 10.0.0.253 255.255.255.0
ospf dr-priority 128
vrrp vrid 100 virtual-ip 10.0.0.252
vrrp vrid 100 priority 128
#
interface Vlan-interface1002
ip binding vpn-instance vpn_CustomerA
ip address 10.0.5.10 255.255.255.248
ospf dr-priority 128
vrrp vrid 100 virtual-ip 10.0.5.9
vrrp vrid 100 priority 128
#
bgp 65001
default med 20
undo synchronization
#
ipv4-family vpn-instance vpn_CustomerA
peer 10.0.5.9 as-number 65001
peer 10.0.5.11 as-number 65001
network 10.3.224.0 255.255.240.0
import-route direct
peer 10.0.5.9 connect-interface Vlan-interface1002
peer 10.0.5.11 connect-interface Vlan-interface1002
#
ipv4-family vpn-instance vpn_main
peer 10.0.0.203 as-number 65289
peer 10.0.0.252 as-number 65001
peer 10.0.0.254 as-number 65001
default med 20
import-route direct
peer 10.0.0.203 connect-interface Vlan-interface100
peer 10.0.0.203 preferred-value 100
peer 10.0.0.252 connect-interface Vlan-interface100
peer 10.0.0.254 connect-interface Vlan-interface100
#
ospf 1 router-id 10.0.0.253 vpn-instance vpn_main
peer 10.0.0.252
peer 10.0.0.254
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
ospf 1002 router-id 10.0.5.10 vpn-instance vpn_CustomerA
peer 10.0.5.9
peer 10.0.5.11
area 0.0.0.0
network 10.0.5.8 0.0.0.7
#
ip route-static vpn-instance vpn_CustomerA 0.0.0.0 0.0.0.0 Vlan-interface1002 10.0.5.11
ip route-static vpn-instance vpn_CustomerA 10.3.224.0 255.255.240.0 vpn-instance vpn_main 10.0.0.203
ip route-static vpn-instance vpn_main 0.0.0.0 0.0.0.0 Vlan-interface100 10.0.0.254
----- END SW-BACKUP -----
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2016 02:31 PM
03-16-2016 02:31 PM
Re: [A5500] Redundancy of static route over BGP
Can you show BGP prefixes recieved from 10.0.0.204 (and on backup from 203) ?
If 10.3.x.x network is advertised, you can get rid of static route
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2016 03:25 PM
03-16-2016 03:25 PM
Re: [A5500] Redundancy of static route over BGP
Bonsoir 16again,
The prefixes received from 10.0.0.204 and 10.0.0.203 are :
- 10.1.0.0/16 le 32 ;
- 10.2.0.0/16 le 32 ;
- 10.3.0.0/16 le 32 ;
- 10.4.0.0/14 le 32 ;
- 10.8.0.0/13 le 32 ;
- 10.16.0.0/12 le 32 ;
- 10.32.0.0/11 le 32 ;
- 10.64.0.0/10 le 32 ;
- 10.128.0.0/9 le 32.
My problem is that I can't resize the netmask received from these CPE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2016 11:02 PM
03-16-2016 11:02 PM
SolutionWhy not simply use the 10.3.0.0/16 route in your network? If you do use more specific 10.3.x.x routes elsewhere (for instance 10.3.33.0/24) in your network, these route can coexist!
Also if you want to exclude access to your network from other 10.3 networks, you might use ACL like below:
permit ip source 10.3.224.0 255.255.240.0 dest any
deny ip source 10.3.0.0 255.255.0.0 dest any
permit ip any any
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2016 04:09 AM
03-17-2016 04:09 AM
Re: [A5500] Redundancy of static route over BGP
You're right about ACL or Acces-List but :
- I'll have another CPEs from another provider with the same prefixes (it's the reason that I use VPN-instance) ;
- If customerA wants for example 10.3.144.0/20 with the others providers, the route doesn't match.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2016 06:01 AM
03-17-2016 06:01 AM
Re: [A5500] Redundancy of static route over BGP
If you have route1 for 10.3.144.0/20 alongside route2 for 10.3.0.0/16 , route1 is most specific (longer match) and will be used for 10.3.144.0/20 destinations, for all other 10.3.0.0/16 destinations route 2 will be used.
Since you can't change the advertised 10.3.0.0/16 route, you have to use it as-is.
Off course you should only advertise this /16 route to VPN instance that's using it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2016 06:40 AM
03-17-2016 06:40 AM
Re: [A5500] Redundancy of static route over BGP
Unfortunately, I think I have no choice :(
I can't change the advertised route, so CustomerA instance receive 10.3.0.0/16 for vpn_main.
when I'll have vpn_main2 with the others CPEs that announce 10.3.0.0/16 and customerA wants to take a 10.3.x.x/20 subnet from them, it will be not possible.
I'd hope taht it was possible to modify the netmask in my network infrastructure with a "voodoo" mechanism :)
I should explain to customerA that he must choose a subnet excluded from 10.3.0.0/16 and for his current network, configure an ACL to filter the flows from him to 10.3.224.0/20 only.
Ok, I test now and I'll come back to share the solution.
Thank you a lot 16again.