Hi All net valuable colleagues! I'd like your opinion about how you would deal with the following scenario:
All those routers represent different vrfs inside a single physical router.The aim is to propagate customer routes in the forward direction through all the vrf chain, and the default route in the opposite direction. Each VRF should have it's next hop in the adjacent vrf loopback on its right on the forward direction, and the one on its left in the return direction.
As per standard configuration:
router bgp 65000 bgp router-id 1.1.1.0 bgp log-neighbor-changes ! address-family ipv4 vrf dlg-hau redistribute connected redistribute ospf 10 exit-address-family ! address-family ipv4 vrf firewall redistribute connected exit-address-family ! address-family ipv4 vrf internet bgp router-id 1.1.1.0 redistribute connected neighbor 1.1.1.1 remote-as 65535 neighbor 1.1.1.1 activate neighbor 1.1.1.1 next-hop-self exit-address-family ! address-family ipv4 vrf shaper redistribute connected exit-address-family
the default route would stop at "firewall" vrf, I assume because of the BGP advertisements limitations between iBGP peers.VRF chain should be flexible to easily remove (bypass a stage) or add a new node on the path (i.e. new stage of processing of the packets). An identical chain will be in place for redundancy purpose.BGP reflectors may solve the propagation issue and would add flexibility in case of new nodes, but I would keep the design as simple as possible.
Moving OSPF redistribution to the right end of the chain and leave the BGP to the only "internet" vrf would bypass the problem, but I'd rather use MP-BGP on the various stages because of MPLS future expansion of the network.
How would you deal with that?
Sincerely
No comments:
Post a Comment