Hour 280: CCIE Lab vs Production example

The CCIE Lab does not follow the conventional “best practices” that you would see in a production network. To demonstrate this, I will take this topology as an example:

Topo1

This is a typical CCIE Lab topology, where BGP peers between loopbacks and an IGP provides the connectivity between those loopbacks. In this scenario, we are trying to advertise R1’s Loopback IP address to R3 and R3’s Loopback IP address to R1. Let’s take a look at each router’s configuration:

R1:

confr1

R2:

confr2

R3:

confr3

OK. So we configured OSPF and EIGRP as per the diagram, including the loopbacks in each IGP. We also configured ebgp-multihop for the eBGP peers and next-hop-self on R2 edge for iBGP next-hop route propagation. After this configuration, let’s check out the BGP routing tables:

R1

R2

R3

All the routes are in for BGP, but ICMP to R3 is not working. On top of this, every 3 minutes we see the eBGP peering between R1 and R2 flap for a second. Why is this happening? Take a minute to think about it.

3 minutes is the default hold-down timer for BGP, but why is it going down? The reason for this is that by using an IGP instead of a static route or a directly connected peer for our eBGP connection, we have set ourselves up for a problem. Let’s take a look at the 3.3.3.3 injected BGP route:

BGPprob

We are learning 1.1.1.1 from the eBGP’s 1.1.1.1 route. Wait… how can we learn a route from our own BGP route? We cannot. Because we are using an IGP that has a higher AD than the eBGP’s AD, the eBGP route wins and we end up using our own route to propagate it to the rest of the network. To fix this, we need to change the AD of the network to be higher than our IGP’s. The easy way to do this is to use the network backdoor command. We could also decrease the IGP’s AD to under 20 so that the eBGP routes do not take priority over the IGP routes.

bgpgood

As you can see, this looks much better. Let’s see if we can ping now:

bothways

As we can see, we can pass ICMP traffic and this network is now functional. I chose this example to prove that we can encounter a lot of problems by using unusual topologies like the kind used in the CCIE Lab. We would never use an IGP to peer loopbacks in a production network. Instead, we would use directly connected routes or static routes because they both have a lower AD than eBGP. This is just one of the many things to look out for when configuring BGP in CCIE Lab scenarios.
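The AD problem described above can be modelled in a few lines. This is an added example, not the author's configuration: it assumes R2's view of R1's loopback, OSPF as the IGP on that link, and a constructed link address 10.0.12.1, and it uses the default Cisco AD values plus the AD of 200 that a backdoor network receives.

```python
# Added illustration, not the author's configuration. Exact-match lookup stands in
# for longest-prefix match; 10.0.12.1 and the choice of OSPF are constructed.
AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110, "ibgp": 200}
BACKDOOR_AD = 200  # AD given to an eBGP-learned prefix marked with "network ... backdoor"

def best_route(candidates, backdoor=(), ad=AD):
    """Build a RIB keeping, per destination, the candidate with the lowest AD.
    candidates: (destination, source, next_hop); next_hop None = directly connected."""
    rib = {}
    for dest, source, next_hop in candidates:
        dist = BACKDOOR_AD if source == "ebgp" and dest in backdoor else ad[source]
        if dest not in rib or dist < rib[dest][0]:
            rib[dest] = (dist, source, next_hop)
    return rib

def resolve(rib, dest):
    """Follow next hops until a connected route is reached.
    Returns the chain of (destination, source), or None if the lookup recurses
    back onto a destination it has already visited (unreachable next hop)."""
    path, seen = [], set()
    while dest in rib and dest not in seen:
        seen.add(dest)
        _, source, next_hop = rib[dest]
        path.append((dest, source))
        if next_hop is None:
            return path
        dest = next_hop
    return None

# Constructed candidates on R2 for R1's loopback 1.1.1.1
R2_CANDIDATES = [
    ("10.0.12.1", "connected", None),      # R1's address on the shared link
    ("1.1.1.1", "ospf", "10.0.12.1"),      # loopback learned through the IGP
    ("1.1.1.1", "ebgp", "1.1.1.1"),        # same prefix from the peer at 1.1.1.1
]

if __name__ == "__main__":
    cases = {
        "default ADs": best_route(R2_CANDIDATES),
        "network backdoor": best_route(R2_CANDIDATES, backdoor={"1.1.1.1"}),
        "IGP AD lowered to 19": best_route(R2_CANDIDATES, ad={**AD, "ospf": 19}),
    }
    for label, rib in cases.items():
        print(label, "->", rib["1.1.1.1"], "resolves:", resolve(rib, "1.1.1.1"))
```

With default ADs the eBGP route is installed and its next hop resolves only through itself, which is why the session cannot stay up; both fixes put the IGP route back in the table.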
