Changing priority between eBGP and OSPF learned routes


L2 Linker

I have an interesting problem that I haven't found a satisfying solution for. 

 

I have various remote sites connected via private circuit with OSPF, and then IPSec VPN with eBGP learned routes. The administrative distance of eBGP is 20, and the administrative distance of OSPF is 30. I believe these are the defaults.

 

Right now, if there are two paths to a site, my firewall will always choose the eBGP route. I have sites where I want the eBGP route to be the backup to the OSPF. I haven't been able to get that to work. Is there anything I can do in OSPF or BGP to make a route learned by that protocol more or less desirable than a path learned by the other protocol?

 

I have been able to get this to "sort of" work by using static routing with path monitoring to "force" the OSPF path to be taken when it is available. This works, but takes significantly more configuration than what I would like, and is essentially replacing OSPF with static routing in that case.

 

Anyone have any better ideas?

 

I am thinking of building my IPSec tunnel to a different VR, and then the route can be shared between the new VR and the default VR via OSPF. I can then have a higher OSPF cost between the VR.

 

Thoughts?

1 accepted solution

Accepted Solutions

L2 Linker

I am looking at having the router with the OSPF path to also advertise the routes back to PAN via BGP. I can then filter on the PAN which of those BGP routes I want to accept, and to give them a lower metric (higher priority).


9 REPLIES 9

Cyber Elite

Hello,

You should be able to make that route less likeable. In PAN BGP I think it's called the MED value. But that is sent prior to the PAN; in Cisco you can prepend the route.

 

BGP > Conditional Adv > Advertise Filters

 

Hope that helps.

 

 

L5 Sessionator

Is there any way you can make the OSPF routes more specific than the BGP routes? Do some summarization with BGP when you export the prefixes to a peer? If the routes are the same, then administrative distance is used to determine which to use and will take the lower value.

You can change the administrative distance of the routing protocols but that would affect the entire virtual router. 

I believe MED only influences the difference between two different BGP paths for the same route.

L2 Linker

I am looking at having the router with the OSPF path to also advertise the routes back to PAN via BGP. I can then filter on the PAN which of those BGP routes I want to accept, and to give them a lower metric (higher priority).

Learning the two routes via BGP is working just as you would expect it to. I can control the chosen route via my BGP import rules.

You could change the Administrative Distances on the firewall virtual router.

 

Network -> Virtual Router -> Router Setting -> Administrative distances.

 


@nextgenhappines wrote:

You could change the Administrative Distances on the firewall virtual router.

 

Network -> Virtual Router -> Router Setting -> Administrative distances.

 


Yeah, but that would be a global change, instead of allowing me to be more selective, and I would end up with other routes not being what I want, so that isn't really a solution.

How about just run on one routing protocol?

Yeah, I may have to just run eBGP between my firewall and switch. Actually, setting up eBGP is the first step in my fix.
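
The selection order discussed in the replies above, as an added example that is not part of any post: a simplified Python model (not PAN-OS code) of per-protocol best path, then administrative distance, then longest-prefix match. The administrative distances are the ones quoted in the thread; the prefixes, next-hop labels and the use of local preference as the attribute set by a BGP import rule are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

AD = {"ebgp": 20, "ospf": 30}  # administrative distances quoted in the thread

class Route(NamedTuple):
    prefix: str
    protocol: str
    next_hop: str
    metric: int = 10       # OSPF cost (lower wins inside OSPF)
    local_pref: int = 100  # BGP attributes: higher local_pref wins,
    as_path_len: int = 1   # then shorter AS path, then lower MED
    med: int = 0

def protocol_best(routes):
    """Each protocol first picks its own best path per prefix."""
    best = {}
    for r in routes:
        key = ((-r.local_pref, r.as_path_len, r.med) if r.protocol == "ebgp"
               else (r.metric,))
        slot = (r.prefix, r.protocol)
        if slot not in best or key < best[slot][0]:
            best[slot] = (key, r)
    return [r for _, r in best.values()]

def build_table(routes):
    """Same prefix from two protocols: lowest administrative distance wins."""
    table = {}
    for r in protocol_best(routes):
        cur = table.get(r.prefix)
        if cur is None or AD[r.protocol] < AD[cur.protocol]:
            table[r.prefix] = r
    return table

def chosen(routes, dst):
    """Forwarding lookup is longest-prefix match over the installed routes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in build_table(routes).values()
            if addr in ipaddress.ip_network(r.prefix)]
    best = max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)
    return best.next_hop if best else None

# Constructed sample routes for one remote site (labels are hypothetical)
OSPF_CIRCUIT = Route("10.20.0.0/16", "ospf", "private-circuit")
BGP_VPN = Route("10.20.0.0/16", "ebgp", "ipsec-vpn")
BGP_CIRCUIT = Route("10.20.0.0/16", "ebgp", "private-circuit", local_pref=200)

if __name__ == "__main__":
    print(chosen([OSPF_CIRCUIT, BGP_VPN], "10.20.5.9"))               # ipsec-vpn
    print(chosen([OSPF_CIRCUIT, BGP_VPN, BGP_CIRCUIT], "10.20.5.9"))  # private-circuit
```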
