Inject default route via OSPF, but only to specific OSPF peer and contingent on BGP session established
Lukas Haase
lukashaase at gmx.at
Wed Jan 10 10:02:49 CET 2024
Hi Maria,
Thank you for respecting. First of all, sorry for my duplicate message. (My browser crashed and I did not realize the email was sent.)
> Sent: Wednesday, 10.01.2024 at 08:52
> From: "Maria Matejka via Bird-users" <bird-users at network.cz>
> To: bird-users at network.cz
> Subject: Re: Inject default route via OSPF, but only to specific OSPF peer and contingent on BGP session established
>
> Hello!
>
> TL;DR: That's currently not possible. But there are other options.
To me, my setup sounds like the most common, most normal configuration one could imagine. The fact that this sounds so troubling makes me think: Am I doing something conceptually wrong?
How would one implement my scenario?
>
> On 2024-01-10 00:28, Lukas Haase via Bird-users wrote:
> > Hi,
> >
> > I have two "border gateways"; each establishes a BGP session to the outside world. An internal router connects to each of the border gateways and uses OSPF to exchange routes. (Note, other OSPF links may exist as well).
> >
> > Both border gateways act as default gateways for the internal router. In order to create redundancy, each border gateway should send the default route via OSPF to the internal router. However, the default route should not be sent to any other device (otherwise it would mess up everything, incl tunnels).
>
> First, if sending a default route through OSPF breaks stuff, you should
> probably filter that route out on these devices where it's unwanted.
Fair but not many devices support such sophisticated filters as bird.
> Just to be safe if somebody misconfigures something. And with that, you
> can then just send the default route to the whole OSPF.
>
> Another approach would be filtering between areas in OSPF, which is
> quite fragile and not supported by BIRD anyway, but you can
> theoretically run two OSPF instances, one for the "with-default"
> network, and another one for the other network. This is very much a
> crazy setup which I do not recommend to go with unless you are sure that
> no better approach is available.
Hmm, this might actually be an option to explore … Am I understanding correctly that I’d have two “protocol ospf” instances in bird.conf, each with a different area? Could I just define two area instances in one “protocol ospf” block instead?
> And finally, what may be even better, if your two uplinks are two
> different AS's … you can link the internal router to iBGP as well,
> balancing the traffic between the uplinks and failing to send all data
> over one uplink if the other fails.
No, the uplinks are both connected to the same AS.
Why would separate AS be required?
In general, is it better to use iBGP in place of OSPF for my case?
> > Additionally, injecting the default route should be contingent on having the BGP session established successfully (only then I can assume the route to the internet is good).
>
> In BIRD v2, there will be a possibility to do prefix aggregation added
> this year, and it looks like the configuration can be bent enough to
> actually generate "just the default route" from it. Not supported for now.
Hmm, even then I am unclear how this would be configured because a default gateway does not exist from BGP (I think). It would be a “protocol static” route, no?
Thanks!!
Luke