
I am trying to announce a prefix from AS7, and I would like AS6 to receive it and send it to AS2 (as shown in the attached topology). I have OSPF running on all routers of AS6. I have assigned 10.x.x.x to the loopback interface of each of my routers in AS6, for example 10.6.6.6 for r6, 10.4.4.4 for r4, etc. I have established a peer connection between all of the routers of AS6. For example, r3 has a connection with r6, r4, r9 and r5 even though we do not have a physical connection between them.

My question is whether the IP address I should use for r6 should be a public IP, because if I use 10.6.6.6 for r6, then r7 from AS7 will not be able to communicate with it. The same reasoning applies to r5 and r9, which should run with their public addresses. If I use r6's public IP and then connect r6 to r5 and r9, then I do not need OSPF, and even without OSPF r6 will be able to talk to r9 and r5.

I am confused about how I can involve r6 in my full mesh topology using its public IP address. Should I assign r6's public IP address to its loopback?

  • Since this is a networking question rather than a programming question, the "Network Engineering" forum (https://networkengineering.stackexchange.com/) would be a better forum for this. – Bruno Rijsman Feb 22 '19 at 01:07

1 Answer

1) Within AS6 you need a full mesh of IBGP sessions: R3-R4, R3-R5, R3-R6, R3-R9, R4-R5, R4-R6, R4-R9, R5-R6, R6-R9. You need the full mesh for two reasons. One: each router needs the IBGP routes in its forwarding table, so each router needs to speak IBGP. Two: IBGP routes are normally not propagated from one IBGP session to another IBGP session, so the IBGP sessions must form a full mesh.

Note: Or, as an alternative to a full mesh of IBGP sessions you can use one or more route reflectors: RR-R3, RR-R4, RR-R5, RR-R6, RR-R9.

Note: A common design is the so-called BGP-free core. In this design you only run IBGP on the edge routers of your AS (in your example R5, R9, and R6). The other routers in the core (R3 and R4 in your example) only run the IGP (which is OSPF in your example). This means that the BGP routes are not in the core routers R3 and R4. To make forwarding work, some sort of (automated) tunneling is used from edge router to edge router (typically MPLS but sometimes GRE or VXLAN).

2) It is recommended to use the loopback addresses as the source and destination address of the IBGP session. This is to avoid tying the multi-hop IBGP session to a physical interface. For example, imagine you also had an R5-R9 link and consider the R6-R9 IBGP session. The physical path of the R6-R9 IBGP session would normally be R6-R4-R9. But if the R6-R4 interface goes down, we want the IBGP session to stay up and move over to the R6-R3-R5-R9 path.

3) Because the IBGP sessions are normally loopback to loopback and sometimes multi-hop, you need some mechanism for each BGP speaker (R3, R4, R5, R6, R9) to discover the route to the loopback. This is why every router in the AS must also run OSPF (R3, R4, R5, R6, R9).

4) The loopback addresses are typically public IP addresses, but they could theoretically also be private IP addresses. What really matters is that each router in AS6 has OSPF reachability to the loopback of the other routers in the same domain.

5) The EBGP sessions R2-R5, R2-R9, and R6-R7 should be bound to the interfaces. In other words, the source and destination IP addresses of those BGP sessions should be the IP addresses of the inter-AS interfaces.

Bruno Rijsman
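
The propagation rules from point 1, modelled as an added example that is not part of the original answer: it floods the prefix announced by R7 over a given set of sessions and reports which AS6 routers never learn it. The AS numbers 2, 6 and 7 are assumed from the AS names, and the helper names, the first-route-wins flooding and the "reflector reflects to every IBGP peer" behaviour are simplifications made for this sketch.

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed model of the question's topology; AS numbers assumed from the AS names.
AS_OF = {"R2": 2, "R3": 6, "R4": 6, "R5": 6, "R6": 6, "R9": 6, "R7": 7}
EBGP = [("R2", "R5"), ("R2", "R9"), ("R6", "R7")]
AS6 = sorted(r for r, asn in AS_OF.items() if asn == 6)

def full_mesh(routers):
    """Every unordered pair of routers: n*(n-1)/2 IBGP sessions."""
    return list(combinations(sorted(routers), 2))

def propagate(sessions, origin, reflectors=()):
    """Map each router that hears origin's prefix to (how_learned, as_path).
    Simplified: first route heard wins, no best-path selection."""
    peers = defaultdict(set)
    for a, b in sessions:
        peers[a].add(b)
        peers[b].add(a)
    learned = {origin: ("local", ())}
    queue = deque([origin])
    while queue:
        r = queue.popleft()
        how, path = learned[r]
        for p in sorted(peers[r]):
            if p in learned:
                continue
            if AS_OF[r] == AS_OF[p]:
                # IBGP: AS path unchanged; an IBGP-learned route is not passed
                # to other IBGP peers unless r is a route reflector.
                if how == "ibgp" and r not in reflectors:
                    continue
                learned[p] = ("ibgp", path)
            else:
                # EBGP: sender adds its AS; receiver rejects a path containing its own AS.
                new_path = (AS_OF[r],) + path
                if AS_OF[p] in new_path:
                    continue
                learned[p] = ("ebgp", new_path)
            queue.append(p)
    return learned

def missing_in_as6(sessions, reflectors=()):
    """AS6 routers that never learn the prefix announced by R7."""
    got = propagate(sessions, "R7", reflectors)
    return [r for r in AS6 if r not in got]
```

With all ten sessions that `full_mesh(AS6)` returns, every AS6 router and R2 learn the prefix. Dropping only the R6-R9 session leaves R9 without it, because the copy R2 offers back already carries AS 6 in its path.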
  • Thank you, Bruno, but I didn't get my answer. My understanding is that the only difference between an iBGP and an EBGP session is that the two routers in an iBGP session have the same AS number. My question is: do I need to have a peer session between R6 and R9? If yes, and if I use the public IP addresses for R9 and R6, then they can talk to each other without using the physical path through R4. And my other question, which may help with my first question, is: do I need to run OSPF on R6 or R9 or R5? – Shahrooz Pooryousef Feb 22 '19 at 02:03
  • I updated the answer. Yes, you need an IBGP session between R6 and R9 (unless you use route reflectors). To understand the scenario, it is best to imagine that the IBGP loopback addresses are private. Even if the IBGP loopback end-point addresses are public addresses, most people don't advertise those loopback addresses over the EBGP sessions to outside of the AS. If that is what you do, if the physical interface R4-R6 is down, then the R6-R9 IBGP session would NOT come up; it would NOT go from R6 through the public internet to R9. In real life there would be an R5-R9 link for redundancy. – Bruno Rijsman Feb 22 '19 at 07:43
  • Just to add to my previous comment: operators typically don't expose the loopbacks of their routers to the internet at large (i.e. they don't advertise their loopback addresses in EBGP) to avoid attacks on the control plane of their routers. – Bruno Rijsman Feb 22 '19 at 07:49
  • RE: "the only difference between iBGP and EBGP session is that two routers in iBGP session have same AS number" There are other differences as well. For example, a route received over an EBGP session is propagated to other EBGP and IBGP sessions. But a route received over an IBGP session is only propagated to EBGP sessions, and not to other IBGP sessions (unless the router is a route reflector). There are also differences in how the path attributes are handled. For example, EBGP appends its own AS number, but IBGP does not. – Bruno Rijsman Feb 22 '19 at 07:51