Establish WAN eBGP Connection


Introduction

In the last lab, EIGRP Routing over DMVPN IPSec Tunnels, I mentioned that in the production environment we normally use eBGP (External Border Gateway Protocol), and sometimes static routes, to connect to the WAN. The last lab demonstrated how to use static routes, and this lab will show you how to use eBGP to connect to the WAN.

I will use the same GNS3 “EIGRP Routing over DMVPN IPSec Tunnels” project file to continue the lab. Copy the GNS3 project file into a different folder and rename it, just in case I mess up the configuration, so that I don’t have to start from scratch. Always VERIFY your configuration before you go to the next step.

The key configuration steps can be summarised as below:

Step 1 – Remove all the static routes from each router.

Step 2 – Configure eBGP on each router.

The topology above is like the one in the last lab, EIGRP Routing over DMVPN IPSec Tunnels, except that I added BGP AS (Autonomous System) numbers and a router-id to each router, and a loopback interface to the Carriage router.

Please note that Site 2 and the Data Centre share the same AS number in the above figure; I did this on purpose. However, we should avoid such a situation in production; in particular, do not share an AS number with data centres. BGP uses AS numbers to identify the traffic path, and thereby prevents routing loops. For example, by default, traffic initiating from AS 65512 via AS 7000 will not be allowed to enter AS 65512, i.e. the path 65512 –> 7000 –> 65512 will be denied.

In the case of a single site with dual routers connecting to the WAN for redundancy, the BGP loop prevention mechanism avoids the risk of intra-site traffic being transmitted via the WAN (keeping intra-site traffic within the site), and also prevents other across-WAN routing loops.

The loop prevention mechanism can be overridden with a command, though, should this really be required by design.

Configuration Steps

Step 1 – Remove all the static routes from each router

Data Centre (HUB)

Site1 (Spoke)

Site2 (Spoke)

Step 1 – Verification

WAN connection verification

Data Centre (HUB)
Ping Site1 and Site2 WAN interfaces from Data Centre router to verify WAN connectivity, but this time make sure they are unreachable.

Site1 (Spoke)
Ping Data Centre and Site2 WAN interfaces from Site1 router to verify WAN connectivity, but this time make sure they are unreachable.

Site2 (Spoke)
Ping Data Centre and Site1 WAN interfaces from Site2 router to verify WAN connectivity, but this time make sure they are unreachable.

From the results above, all the across-WAN connections between Data Centre, Site1 and Site2 are down after the removal of all the static routes on each router.

Step 2 – Configure eBGP on each router

Data Centre (HUB)

bgp router-id 3.3.3.3
BGP determines the router ID using the following priority in sequence:
1. Use the address configured by the bgp router-id command.
2. Use the Loopback interface address with the highest IP address.
3. Use the highest IP address of the interface.

address-family ipv4 vrf FVRF
BGP Neighbours need to be configured inside the designated VRF.

redistribute connected
Redistributes connected networks into BGP routing, so that they can be propagated across the WAN. You can use “show ip route vrf FVRF” to verify which routes are connected; they are marked with C.

neighbor 20.20.20.10 remote-as 7000
Configuring the BGP neighbour/peer and the remote AS number.

neighbor 20.20.20.10 activate
To enable the exchange of information with a BGP neighbour, activate the peer relationship.

Carriage

int loopback 0
Adds a loopback interface to the Carriage router, because I didn’t configure any loopback interface on the Carriage router in the last lab.

Site1 (Spoke)

Site2 (Spoke)

neighbor 20.20.20.6 allowas-in [number]
Allows readvertisement of all prefixes containing duplicate autonomous system numbers. This is the command that suppresses the BGP loop prevention mechanism.

[number]
Optional. Specifies the number of times to allow the advertisement of an autonomous system number. The range is 1 to 10. If no number is supplied, the default value of 3 times is used.
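
The loop prevention rule from the introduction and the allowas-in override described above, modelled as an added Python example (not part of the original lab, and not router code). It assumes the Data Centre and Site2 both use AS 65512 and the Carriage uses AS 7000, as in the 65512 –> 7000 –> 65512 example; `accept_update`, `advertise` and `demo` are hypothetical names.

```python
"""Model of eBGP inbound AS_PATH loop prevention and the allowas-in override."""
from typing import List, Optional

DEFAULT_ALLOWAS_IN = 3  # value used when allowas-in is entered without [number]


def accept_update(local_as: int, as_path: List[int],
                  allowas_in: Optional[int] = None) -> bool:
    """Return True if a route with this AS_PATH is accepted from an eBGP peer.

    allowas_in=None: command not configured, so any occurrence of local_as
                     in the path is treated as a loop and the route is dropped.
    allowas_in=N:    up to N occurrences of local_as are tolerated (1 to 10).
    """
    occurrences = as_path.count(local_as)
    if allowas_in is None:
        return occurrences == 0
    if not 1 <= allowas_in <= 10:
        raise ValueError("allowas-in number must be in the range 1 to 10")
    return occurrences <= allowas_in


def advertise(sender_as: int, as_path: List[int]) -> List[int]:
    """An eBGP speaker prepends its own AS number before sending to a peer."""
    return [sender_as] + as_path


def demo() -> dict:
    """Constructed walk-through: Data Centre route reaching Site2 via Carriage."""
    originated = advertise(65512, [])            # Data Centre -> Carriage
    via_carriage = advertise(7000, originated)   # Carriage -> Site2
    # Constructed path in which AS 65512 appears twice, i.e. a genuine loop.
    looped = [7000, 65512, 7000, 65512]
    return {
        "path_seen_by_site2": via_carriage,
        "default": accept_update(65512, via_carriage),
        "allowas_in_no_number": accept_update(65512, via_carriage,
                                              DEFAULT_ALLOWAS_IN),
        "allowas_in_1_on_loop": accept_update(65512, looped, 1),
        "allowas_in_3_on_loop": accept_update(65512, looped, 3),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the default of 3, the constructed looped path is accepted as well, so setting [number] to the smallest value the design needs keeps most of the loop protection in place.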

Step 2 – Verification

WAN connection verification

Data Centre (HUB)
Ping Site1 and Site2 WAN interfaces from Data Centre router to verify across-WAN reachability.

Site1 (Spoke)
Ping Data Centre and Site2 WAN interfaces from Site1 router to verify across-WAN reachability.

Site2 (Spoke)
Ping Data Centre and Site1 WAN interfaces from Site2 router to verify across-WAN reachability.

From the results above, Data Centre, Site1 and Site2 WAN interfaces are connected.

BGP routing table

Data Centre (HUB)

BGP table version
Internal version number of the table. This number is incremented whenever the table changes.

local router ID
IP address of the router.

Network
IP address of a network entity.

Next Hop
IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP routes to this network.

Path
Autonomous system paths to the destination network. There can be one entry in this field for each autonomous system in the path.

Carriage

Site1 (Spoke)

Site2 (Spoke)

From the results above, we can see that the Data Centre, Site1 and Site2 are connected by BGP.

BGP summary
The following summary shows the BGP information on each router, such as who its directly connected neighbours are and information about those neighbours.

Data Centre (HUB)

Carriage

Site1 (Spoke)

Site2 (Spoke)

We can also query the router for the BGP routes it has received and the BGP routes it has advertised, which is often useful in troubleshooting.

Conclusion

We often use BGP to propagate routing between two separately-managed networks, so that we can control which routes are received from and advertised to the peer. A company’s internal network and the carriage network are an example of two separately-managed networks. In a large organisation with multiple vendors, Vendor A may manage the organisation’s gateway environment, while Vendor B may manage the organisation’s internal network environment. We can also use BGP to control the border of the two separately-managed networks.

In such a complicated routing environment, static routing will be insufficient. BGP, as a dynamic routing protocol, simplifies configuration and also reduces management and change effort. The downsides are that you will need a more expensive router that supports BGP, and that BGP may cause higher CPU consumption and additional bandwidth usage, especially when the network connection fluctuates.
