This is a pretty common scenario. You are running an IGP (in this case, OSPF) on your local network and you connect to another company or ISP via an eBGP link.
Your goal is to leak some of the external routes received via BGP into your IGP, and in turn leak some of your internal routes out via BGP. The constraint is that you don’t want everything, only the routes you choose.
There are numerous ways to do this. The way I would do this is to explicitly state which routes you want via route-maps on your BGP link. That’s not exactly what I will do in this post – but it should be pretty easy to work out how to do that if you follow what’s below.
To begin with, our setup is this:
Thor and Baldur are your internal routers which run OSPF between them. Baldur and Loki have an eBGP link. I have added an extra loopback on both Loki and Thor, and the goal is to get them to talk.
Starting with Thor, we have the following interfaces:
    Thor#show ip int brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0            unassigned      YES unset  administratively down down
    FastEthernet0/1            10.0.100.2      YES manual up                    up
    Loopback0                  10.0.0.1        YES manual up                    up
    Loopback10                 10.0.50.254     YES manual up                    up
Loopback 10 will eventually be able to talk externally. I have given it a /24, which will be advertised externally.
Next up, Baldur has the following interfaces:
    Baldur#show ip int brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0            192.168.0.2     YES manual up                    up
    FastEthernet0/1            10.0.100.1      YES manual up                    up
    Loopback0                  10.0.0.0        YES manual up                    up
F0/0 represents our external interface. F0/1 is the internal (OSPF) interface.
Finally, Loki has the following interfaces:
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0            192.168.0.1     YES manual up                    up
    FastEthernet0/1            unassigned      YES unset  administratively down down
    Loopback0                  192.168.17.1    YES manual up                    up
Lo0 will talk to Lo10 on Thor.
First, to get OSPF up and running, we add:

    Thor#show run | s router
    router ospf 1
     log-adjacency-changes
     network 10.0.0.1 0.0.0.0 area 0
     network 10.0.50.254 0.0.0.0 area 0
     network 10.0.100.2 0.0.0.0 area 0

    Baldur#show run | s router
    router ospf 1
     log-adjacency-changes
     network 10.0.0.0 0.0.0.0 area 0
     network 10.0.100.1 0.0.0.0 area 0
This should hopefully be fairly straightforward. End result: OSPF is running between Thor and Baldur.
Next we bring up an eBGP link between Baldur and Loki:
    Baldur#show run | s router bgp
    router bgp 65000
     neighbor 192.168.0.1 remote-as 65050
     neighbor 192.168.0.1 update-source FastEthernet0/0
     no auto-summary

    Loki#show run | s router
    router bgp 65050
     neighbor 192.168.0.2 remote-as 65000
     neighbor 192.168.0.2 update-source FastEthernet0/0
     neighbor 192.168.0.2 default-originate
     no auto-summary
Ok. Now we have all the routing protocols running. Neighborships are up – Baldur can talk to both Loki and Thor, but Loki and Thor can’t talk to each other.
So we have to get the route from Loki (192.168.17.1) to Thor and conversely we have to get the route from Thor (10.0.50.254/24) to Loki.
The first step in getting the route from Loki is for Loki to advertise this route into BGP. This is a simple network statement.

    Loki(config)#router bgp 65050
    Loki(config-router)#network 192.168.17.1 mask 255.255.255.255
Confirm on Baldur we can see 192.168.17.1:
    Baldur#show ip bgp
    BGP table version is 6, local router ID is 10.0.100.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 0.0.0.0          192.168.0.1              0             0 65050 i
    *> 10.0.50.0/24     10.0.100.2              11         32768 i
    *> 192.168.17.1/32  192.168.0.1              0             0 65050 i
There it is. Yay.
Now, this has to be redistributed into OSPF. This is done via a redistribute command. In this case I have passed the redistribute command through a route-map (PERMIT_DEFAULT) which references a prefix-list (DEFAULT_LIST). If you haven’t seen prefix-lists – they are awesome! There is heaps of online information on them; you can think of a prefix-list as something similar to an ACL for use in redistribution or route filtering, with the ability to specify your subnet mask size – or a range of sizes.
Back to Baldur:
    Baldur(config)#router ospf 1
    Baldur(config-router)#redistribute bgp 65000 subnets route-map PERMIT_DEFAULT
    Baldur(config)#route-map PERMIT_DEFAULT permit 50
    Baldur(config-route-map)# match ip address prefix-list DEFAULT_LIST
    Baldur(config-router)#ip prefix-list DEFAULT_LIST seq 15 permit 192.168.17.1/32
So, as a result of that prefix-list and route-map, the only route redistributed into OSPF from BGP should be 192.168.17.1/32.
So if we look at Thor, it should now have a route for 192.168.17.1/32:
    Thor#show ip route
         10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
    O       10.0.0.0/32 [110/11] via 10.0.100.1, 00:25:26, FastEthernet0/1
    C       10.0.0.1/32 is directly connected, Loopback0
    C       10.0.50.0/24 is directly connected, Loopback10
    C       10.0.100.0/30 is directly connected, FastEthernet0/1
         192.168.17.0/32 is subnetted, 1 subnets
    O E2    192.168.17.1 [110/1] via 10.0.100.1, 00:25:26, FastEthernet0/1
There it is, an OSPF external E2 route, yay! And look, nothing else. The 192.168.0.0/30 is not there.
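The prefix-list matching relied on above (exact length when no range is given, a length range with ge/le, first match in sequence order, implicit deny at the end) can be modelled in a few lines. This is an added example, not part of the original post: LOOSE_LIST and the 192.168.200.0/24 route are constructed for comparison, and the function names are my own.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny PREFIX/LEN [ge G] [le L]' into a dict."""
    tok = line.split()
    net = ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen              # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32    # ge alone runs up to /32
    return {"seq": int(tok[1]), "action": tok[2], "net": net, "lo": lo, "hi": hi}

def evaluate(entries, route):
    """First matching entry in seq order wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for e in sorted(entries, key=lambda e: e["seq"]):
        # The route must sit inside the entry's prefix AND have an allowed length.
        if r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["action"]
    return "deny"

def permitted(entries, routes):
    """Return the routes the prefix-list would let through."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

# Entry from the post, and a looser range entry constructed for comparison.
DEFAULT_LIST = [parse_entry("seq 15 permit 192.168.17.1/32")]
LOOSE_LIST = [parse_entry("seq 15 permit 192.168.0.0/16 le 32")]

# Prefixes from Baldur's `show ip bgp`, plus one constructed extra route.
ROUTES = ["0.0.0.0/0", "10.0.50.0/24", "192.168.17.1/32", "192.168.200.0/24"]

if __name__ == "__main__":
    for name, pl in (("DEFAULT_LIST", DEFAULT_LIST), ("LOOSE_LIST", LOOSE_LIST)):
        print(name, "permits", permitted(pl, ROUTES))
```

The exact-match entry from the post admits only 192.168.17.1/32, while the range form also admits any other prefix under 192.168.0.0/16 that the neighbour later advertises.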
Now we need to send the 10.0.50.0/24 network out. You can do this via a redistribute OSPF command within BGP, much like we did for the other way. But the other option is just to put a network statement in BGP on Baldur. Remember, the network command in BGP will advertise the specified network – as long as it appears in the local routing table. So if the network disappears from OSPF, it will also be withdrawn from BGP.
Advertising on Baldur:
    Baldur(config)#router bgp 65000
    Baldur(config-router)#network 10.0.50.0 mask 255.255.255.0
Confirming on Loki:
    Loki#show ip route
         10.0.0.0/24 is subnetted, 1 subnets
    B       10.0.50.0 [20/11] via 192.168.0.2, 00:34:47
         192.168.0.0/30 is subnetted, 1 subnets
    C       192.168.0.0 is directly connected, FastEthernet0/0
         192.168.17.0/32 is subnetted, 1 subnets
    C       192.168.17.1 is directly connected, Loopback0

    Loki#ping 10.0.50.254 source loopback 0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.50.254, timeout is 2 seconds:
    Packet sent with a source address of 192.168.17.1
    !!!!!
You have to specify the source address because Thor only has a return route to Loki’s Lo0, not to any of Loki’s other interfaces.
And lastly, confirming that the network command works as explained above, if we remove the 10.0.50.0/24 network from OSPF (shutdown on Lo10 on Thor) then it should also disappear for Loki:
    Thor(config)#int lo 10
    Thor(config-if)#shut

    Loki#show ip route 10.0.50.0
    % Network not in table
All gone, network command works as anticipated.
As I said, there are a dozen other ways of doing this, but this is one way. Enjoy!