Re: Router only speaks IGP in BGP network
On Sat, Dec 25, 2010 at 08:52:42AM -0500, ML wrote: If you're only redistributing 10 prefixes into OSPF? Problem? I know I'm a little late to this thread, but figured I'd point out one reason why this can be very dangerous: In IOS, you use a route-map to control redistribution between protocols. For example, if you want to redist just those BGP prefixes tagged with a specific community into OSPF, you will probably configure something that looks like this: route-map bgp-to-ospf permit 10 match community $COMMUNITY ! route-map bgp-to-ospf deny 20 ! router ospf $PID redistribute bgp $ASN subnets route-map bgp-to-ospf Now, consider the following failure scenarios: 1. Someone typo's a BGP config elsewhere in your network and attaches $COMMUNITY to a whole bunch more routes... say, all 350k being sent by your upstream provider. *oops* 2. An engineer thinks that there's something wrong with the redistribution and decides to temporarily disable it as part of the troubleshooting process. He types the following: conf t router ospf $PID no redistribute bgp $ASN subnets route-map bgp-to-ospf *boom* He just dumped all BGP routes into OSPF, due to the way IOS parses the command: it removes the route-map but leaves the redistribution intact. To be fair, Cisco does provide you with tools to mitigate this risk (see the redistribute maximum-prefix command) but the point is that this is a fairly easy mistake to make. At the end of the day, the reason that many folks advise against the redistribution of BGP into an IGP is that it sets the stage for a seemingly insignificant mistake to cause a not-so-insignificant outage. --Jeff
Re: Router only speaks IGP in BGP network
On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out. Mark. signature.asc Description: This is a digitally signed message part.
Re: Router only speaks IGP in BGP network
On 12/25/2010 3:36 AM, Mark Tinka wrote: On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out. Mark. If you're only redistributing 10 prefixes into OSPF? Problem?
Re: Router only speaks IGP in BGP network
On 12/25/2010 3:36 AM, Mark Tinka wrote: On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out. Oh please. OSPF loves it when you shove a few 100k routes into it. -- Jeremy L. Gaddis
Re: Router only speaks IGP in BGP network
On Sat, 25 Dec 2010 08:52:42 -0500 ML m...@kenweb.org wrote: On 12/25/2010 3:36 AM, Mark Tinka wrote: On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out. Mark. If you're only redistributing 10 prefixes into OSPF? Problem? I've had to do it when transitioning between a legacy ISP routing domain and a BGP for everything model. The old routing domain had customer routes in both OSPF and BGP, while the new one used BGP for customer routes only. As I had to make the new network customer routes visible in the old network, and the legacy network didn't have a complete BGP mesh or RR setup (i.e. a broken BGP model), pushing routes from new BGP into old OSPF was the only choice. I liberally used the OSPF external route tag and BGP communities to classify routes and to control redistribution and avoid redistribution loops. So you can do it, as long as you're very careful, and make sure you keep reminding yourself that you're playing with a loaded gun with the safety off. Something definitely worth avoiding if you can. Regards, Mark.
Router only speaks IGP in BGP network
Dear all In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? thanks -- Tarig Y. Adam CTO - SUIN www.suin.edu.sd
RE: Router only speaks IGP in BGP network
Hi Andre That actually what I had done.. I thought it might be another solution many thanks -- Tarig Y. Adam SUIN Network Date: Thu, 23 Dec 2010 13:41:12 -0500 Subject: Re: Router only speaks IGP in BGP network From: anf...@gmail.com To: tariq198...@hotmail.com how about sending only a default into your OSPF domain from BGP? of course this can be a conditional type of redistribution;if you want no redistribution at all, then consider generating the default at your ASBR, which also can be conditional. without much more details on your topology, this is as vague an answer i can provide. cheers On Thu, Dec 23, 2010 at 1:18 PM, Tarig Yassin tariq198...@hotmail.com wrote: Dear all In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? thanks -- Tarig Y. Adam CTO - SUIN www.suin.edu.sd
Re: Router only speaks IGP in BGP network
In a message written on Thu, Dec 23, 2010 at 09:18:57PM +0300, Tarig Yassin wrote: In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? Sounds like the textbook case of how folks use MPLS. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpZJoTt43z61.pgp Description: PGP signature
Re: Router only speaks IGP in BGP network
Hello Tarig, Setup a gre tunnel between the two bgp speakers and do ibgp over the gre tunnel? (not clean but it works) or mpls.. If you implement the other solution mentioned you're creating routing loops. On 23 December 2010 19:18, Tarig Yassin tariq198...@hotmail.com wrote: Dear all In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? thanks -- Tarig Y. Adam CTO - SUIN www.suin.edu.sd -- Wouter Prins w...@null0.nl
RE: Router only speaks IGP in BGP network
You could use a GRE tunnel to get traffic from one edge BGP outer to the other edge BGP router. Then run BGP over this link. - Brian J. -Original Message- From: Tarig Yassin [mailto:tariq198...@hotmail.com] Sent: Thursday, December 23, 2010 12:19 PM To: nanog; af...@afnog.org Subject: Router only speaks IGP in BGP network Dear all In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? thanks -- Tarig Y. Adam CTO - SUIN www.suin.edu.sd CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
Re: Router only speaks IGP in BGP network
In my network, I have a router in a middle only speaks OSPF. is there any solution (without redistribute BGP into OSPF) for this kind of problem? uh, what exactly is the problem? i.e. what do you want to accomplish? and do NOT redistribute bgp into ospf. randy
