Re: [c-nsp] OSPF routing question
On 18/Jul/18 08:39, Gert Doering wrote:

> If you do this, be aware that every OSPF come-and-go is very likely to lead
> to a churn in BGP, as metrics change. This might or might not be a problem,
> but everything that leads to externally visible BGP updates should be
> considered well.

If I could be more stern, "... should be abstracted from the global BGP table".

What Gert talks about is a real issue, and many of the "bad actors" that top the Weekly Routing Table Report from APNIC are mainly so because they redistribute customer routes from their IGP directly into BGP. Oscillations in one protocol cascade into the other.

The tried, true and tested architecture of using the IGP only for infrastructure + Loopback routes and iBGP for customer routes is what I'd suggest you consider moving to.

Mark.

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF routing question
Thank you all for the distance change to 254. That resolved the issue.

On Tue, Jul 17, 2018 at 7:57 PM, Erik Sundberg wrote:

> Lee,
>
> Change the floating static route to an administrative distance of 254, so
> it is higher than OSPF.
>
>     router static
>      address-family ipv4 unicast
>       45.x.x.0/22 Null0 254
>
> When the route is learned via OSPF it will have a metric of 110 and the
> OSPF route will be installed into the routing table.
>
> When the route is not learned via OSPF the floating static route on your
> Edge router will be active. This will still allow BGP to advertise the
> route.
>
> Also, if you don't want to advertise the floating static route to other
> devices in your network you can do the following.
>
> Adding the tag 1 on the static route will stop it from being redistributed
> in your network.
>
>     ! Floating holddown route, marked with tag 1
>     router static
>      address-family ipv4 unicast
>       45.x.x.0/22 Null0 254 tag 1
>
>     ! Redistribute statics into OSPF only through the policy below
>     router ospf 1
>      log adjacency changes
>      redistribute static route-policy IPV4-OSPF-REDIST-STATIC
>
>     route-policy IPV4-OSPF-REDIST-STATIC
>       if tag eq 1 then
>         drop
>       endif
>       done
>     end-policy
>
> If a static route has the tag of 1 it will not be redistributed into OSPF,
> so the rest of the network will not learn about the route.
>
> Side note, most ISPs will only advertise their Loopback and Core
> "Circuits" IPs in their IGP. They will run iBGP between all of their
> devices and allow BGP to redistribute the static and connected interfaces.
> BGP is also easier to manipulate routes on your network. Send me an email
> if you would like to know more.
>
> Here is an old but still very relevant PowerPoint on this.
>
> https://www.pacnog.org/pacnog2/track2/routing/a3-1up.pdf
> 3 - OSPF for ISPs - PacNOG
>
> From: cisco-nsp on behalf of Lee Starnes
> Sent: Tuesday, July 17, 2018 4:17:25 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] OSPF routing question
>
> Hello everyone,
>
> I have a question about OSPF route redistribution. We have no issues
> redistributing subnets in the network out of our /19 blocks. But we have a
> /22 block that the entire /22 is allocated to a single client. The routes
> redistribute across all the switches except back to the edge routers
> that announce them via BGP to our upstream carriers. This being because
> there are holddown routes for the BGP on this of the same size IP block. Is
> there a way to allow the /22 block to propagate to the edge routers and
> still maintain the hold down routes we need to announce that /22 via BGP to
> our various upstream carriers?
>
> Edge routers are configured as such:
>
>     router static
>      address-family ipv4 unicast
>       45.x.x.0/22 Null0 19
>
>     router bgp ASNUMBER
>      address-family ipv4 unicast
>       network 45.x.x.0/22
>
>     router ospf NUMBER
>      log adjacency changes
>      redistribute connected
>      redistribute static
>      area W.X.Y.Z
>       !
>       interface TenGigE0/3/0/0
>        passive disable
>       !
>       interface TenGigE0/3/3/0
>        passive disable
>       !
>
> Any ideas are greatly appreciated.
>
> -Lee
Re: [c-nsp] OSPF routing question
> Lee Starnes
> Sent: Tuesday, July 17, 2018 10:17 PM
>
> Is there a
> way to allow the /22 block to propagate to the edge routers and still maintain
> the hold down routes we need to announce that /22 via BGP to our various
> upstream carriers?

One problem I'd see with this setup is potential black holing for the /22 in question. Imagine a case where one of your edge routers becomes severed from the rest of the network for some reason. If that edge router has a static route being advertised via BGP to upstream carriers then it will still advertise the /22 route even though it cannot reach the rest of the network or the /22.

That's why I'd recommend letting the edge routers learn the /22 via OSPF and then use the network command in BGP to capture the /22 (if it exists in the local routing table) and then advertise it to upstreams (and then removing the static routes for the /22).

Not sure if the network command still reflects the changes in metric into the MED attribute; if it does then setting a static MED in the policy associated with the network command should stop internal metric changes from being propagated outside of the local AS.

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::
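An added example, not part of any message in this thread: a small Python model of the behaviour discussed above, where the lowest administrative distance wins and the BGP network statement originates the /22 only while a matching route is installed. It compares the original static (distance 19), the floating static (254) and the design without a static, both with the /22 learned via OSPF and with the edge router severed; the "core" next hop label and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

PREFIX = "45.x.x.0/22"   # elided prefix exactly as written in the thread
OSPF_DISTANCE = 110      # default administrative distance for OSPF

@dataclass(frozen=True)
class Route:
    protocol: str        # "static" or "ospf"
    distance: int        # administrative distance; lowest wins
    next_hop: str        # "Null0" discards; "core" is a hypothetical label

def installed_route(candidates):
    """Pick the RIB winner among routes for the same prefix, or None."""
    return min(candidates, key=lambda r: r.distance, default=None)

def edge_state(static_distance, ospf_learned):
    """Model one edge router for PREFIX.

    static_distance: distance of the Null0 holddown route, None if removed.
    ospf_learned: True while the /22 is learned from the core via OSPF.
    Returns (installed protocol, advertised to upstreams, black-holed).
    """
    candidates = []
    if static_distance is not None:
        candidates.append(Route("static", static_distance, "Null0"))
    if ospf_learned:
        candidates.append(Route("ospf", OSPF_DISTANCE, "core"))
    best = installed_route(candidates)
    # A BGP network statement originates the prefix only while an
    # exact-match route is present in the routing table.
    advertised = best is not None
    # Attracting traffic from upstreams and then discarding it at Null0.
    blackholed = advertised and best.next_hop == "Null0"
    return (best.protocol if best else None, advertised, blackholed)

# Constructed scenarios: (static distance, is the /22 learned via OSPF?)
SCENARIOS = {
    "static 19, OSPF up": (19, True),
    "static 254, OSPF up": (254, True),
    "static 254, edge severed": (254, False),
    "no static, OSPF up": (None, True),
    "no static, edge severed": (None, False),
}

def run_scenarios():
    return {name: edge_state(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    print(f"Edge router view of {PREFIX}")
    for name, (proto, adv, hole) in run_scenarios().items():
        print(f"{name:26} installed={proto} advertised={adv} blackholed={hole}")
```

The "static 254, edge severed" row is the black-holing case: the prefix stays advertised while the only installed route points at Null0.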
Re: [c-nsp] OSPF routing question
Hi,

On Wed, Jul 18, 2018 at 02:57:37AM +, Erik Sundberg wrote:

> Change the floating static route to an administrative distance of 254, so it
> is higher than OSPF.
>
>     router static
>      address-family ipv4 unicast
>       45.x.x.0/22 Null0 254
>
> When the route is learned via OSPF it will have a metric of 110 and the OSPF
> route will be installed into the routing table.
>
> When the route is not learned via OSPF the floating static route on your
> Edge router will be active. This will still allow BGP to advertise the route.

If you do this, be aware that every OSPF come-and-go is very likely to lead to a churn in BGP, as metrics change. This might or might not be a problem, but everything that leads to externally visible BGP updates should be considered well.

gert

--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [c-nsp] OSPF routing question
Hi,

On Tue, Jul 17, 2018 at 02:17:25PM -0700, Lee Starnes wrote:

> I have a question about OSPF route redistribution. We have no issues
> redistributing subnets in the network out of our /19 blocks. But we have a
> /22 block that the entire /22 is allocated to a single client. The routes
> redistribute across all the switches except back to the edge routers
> that announce them via BGP to our upstream carriers. This being because
> there are holddown routes for the BGP on this of the same size IP block. Is
> there a way to allow the /22 block to propagate to the edge routers and
> still maintain the hold down routes we need to announce that /22 via BGP to
> our various upstream carriers?

If we do this, we have holddown routes for the block, and more specifics pointing towards the customer.

Like, /24 -> null0, and 2x /25 -> customer.

gert

--
Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [c-nsp] OSPF routing question
Lee,

Change the floating static route to an administrative distance of 254, so it is higher than OSPF.

    router static
     address-family ipv4 unicast
      45.x.x.0/22 Null0 254

When the route is learned via OSPF it will have a metric of 110 and the OSPF route will be installed into the routing table.

When the route is not learned via OSPF the floating static route on your Edge router will be active. This will still allow BGP to advertise the route.

Also, if you don't want to advertise the floating static route to other devices in your network you can do the following.

Adding the tag 1 on the static route will stop it from being redistributed in your network.

    ! Floating holddown route, marked with tag 1
    router static
     address-family ipv4 unicast
      45.x.x.0/22 Null0 254 tag 1

    ! Redistribute statics into OSPF only through the policy below
    router ospf 1
     log adjacency changes
     redistribute static route-policy IPV4-OSPF-REDIST-STATIC

    route-policy IPV4-OSPF-REDIST-STATIC
      if tag eq 1 then
        drop
      endif
      done
    end-policy

If a static route has the tag of 1 it will not be redistributed into OSPF, so the rest of the network will not learn about the route.

Side note, most ISPs will only advertise their Loopback and Core "Circuits" IPs in their IGP. They will run iBGP between all of their devices and allow BGP to redistribute the static and connected interfaces. BGP is also easier to manipulate routes on your network. Send me an email if you would like to know more.

Here is an old but still very relevant PowerPoint on this.

https://www.pacnog.org/pacnog2/track2/routing/a3-1up.pdf
3 - OSPF for ISPs - PacNOG

From: cisco-nsp on behalf of Lee Starnes
Sent: Tuesday, July 17, 2018 4:17:25 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF routing question

Hello everyone,

I have a question about OSPF route redistribution. We have no issues redistributing subnets in the network out of our /19 blocks. But we have a /22 block that the entire /22 is allocated to a single client. The routes redistribute across all the switches except back to the edge routers that announce them via BGP to our upstream carriers. This being because there are holddown routes for the BGP on this of the same size IP block. Is there a way to allow the /22 block to propagate to the edge routers and still maintain the hold down routes we need to announce that /22 via BGP to our various upstream carriers?

Edge routers are configured as such:

    router static
     address-family ipv4 unicast
      45.x.x.0/22 Null0 19

    router bgp ASNUMBER
     address-family ipv4 unicast
      network 45.x.x.0/22

    router ospf NUMBER
     log adjacency changes
     redistribute connected
     redistribute static
     area W.X.Y.Z
      !
      interface TenGigE0/3/0/0
       passive disable
      !
      interface TenGigE0/3/3/0
       passive disable
      !

Any ideas are greatly appreciated.

-Lee
[c-nsp] OSPF routing question
Hello everyone,

I have a question about OSPF route redistribution. We have no issues redistributing subnets in the network out of our /19 blocks. But we have a /22 block that the entire /22 is allocated to a single client. The routes redistribute across all the switches except back to the edge routers that announce them via BGP to our upstream carriers. This being because there are holddown routes for the BGP on this of the same size IP block. Is there a way to allow the /22 block to propagate to the edge routers and still maintain the hold down routes we need to announce that /22 via BGP to our various upstream carriers?

Edge routers are configured as such:

    router static
     address-family ipv4 unicast
      45.x.x.0/22 Null0 19

    router bgp ASNUMBER
     address-family ipv4 unicast
      network 45.x.x.0/22

    router ospf NUMBER
     log adjacency changes
     redistribute connected
     redistribute static
     area W.X.Y.Z
      !
      interface TenGigE0/3/0/0
       passive disable
      !
      interface TenGigE0/3/3/0
       passive disable
      !

Any ideas are greatly appreciated.

-Lee