Use BGP Default Route to Replace Static Routing

Martin Kluge sent me an interesting BGP question: he has two upstream links and runs BGP on both. Since his router is low on RAM, he cannot accept full routing, so he’s just announcing his IP prefix and using static default routing toward upstream ISPs.

Static default routing toward upstream ISP

Static default routing toward upstream ISP

The relevant configuration on the GW router is somewhat similar to the configuration I’ve used as a staring point in my lab:

interface Serial1/0
 ip address 10.0.1.1 255.255.255.252
!
interface Serial1/1
 ip address 10.0.1.5 255.255.255.252
!
router bgp 65100
 neighbor 10.0.1.2 remote-as 65001
 neighbor 10.0.1.6 remote-as 65002
!
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip route 0.0.0.0 0.0.0.0 10.0.1.6 250

I’m sure the long-time readers of my blog immediately figured out where the catch is: if the upstream router dies, but the interface stays up, the outbound traffic is blackholed. Reliable static routing might be a solution, but his router is running an old IOS version. Obviously it’s time for yet another rarely known BGP feature: the BGP default route.

If you’ve mastered default routes in other routing protocols, forget about what you know … BGP is different:

  • Default route already in the BGP table is advertised to BGP neighbors like any other route.
  • To announce a default route to a BGP neighbor without having a default route yourself, configure neighbor default-originate.
  • Once you’ve configured default route advertising with the neighbor default-originate, it’s announced to the neighbor even if the router doesn’t have the default route itself.
  • The default route advertised to a BGP neighbor with the neighbor default-originate does not pass through BGP output filters, so you cannot filter it.

For even more details, read Default Routes in BGP.

To solve Martin’s problem, you’d have to reconfigure BGP on E1 and E2 as follows (the ip as-path access list just ensures nothing else is sent to the customer router; obviously you could use a route-map instead):

router bgp 65002
 neighbor 10.0.1.5 remote-as 65100
 neighbor 10.0.1.5 default-originate
 neighbor 10.0.1.5 filter-list 1 out
!
ip as-path access-list 1 deny .*

Now that the default route is advertised via BGP, there is no need for a static default, and the default route will be removed (and replaced with the backup one) if the BGP neighbor disappears.

More Details

Blog posts in BGP Essentials series

Recent posts in the same categories

24 comments:

  1. Anonymous 15 November 2007 14:58
    Depending on just how much memory the router has, this is also a very good solution: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a83.shtml
  2. Ivan Pepelnjak 16 November 2007 08:27
    The solution on CCO is great to ensure more optimal routing, but it looks like they forgot about the default routing of everything else.
  3. Anonymous 16 November 2007 22:37
    "ip default-network" would perhaps be a simpler solution.
  4. Ivan Pepelnjak 18 November 2007 12:08
    @anonymous(2): You need another network in the IP routing table for the ip default-network to work. So you have to receive at least a few routes via BGP (to have them pointed toward the ISPs) and then you can use the default-network on a few of them.
  5. Anonymous 28 November 2007 20:12
    Instead of typing the destination ip in the route specify the interface as done below.

    ip route 0.0.0.0 0.0.0.0 serial1/0
    ip route 0.0.0.0 0.0.0.0 serial1/1 250

    This will ensure that if the interface goes down it will be removed from the routing table, thus no black hole
  6. Ivan Pepelnjak 28 November 2007 20:42
    @anonymous(3): If only life would be so simple ... if you lose the interface, you lose the next-hop as well, so both solutions work. The problem is if you lose the BGP peer, but not the physical interface (as I've written in the post).
  7. test_acct 19 October 2008 01:15
    I know someone in similar situation. However they use a route server which gives them bgp routes with "next hops" that could change so the hard coding of upstream neighbors may change without notice. They are not given any default routes. Is there some way to do the same thing if there are potentially varying peers on the WAN ethernet side. ??
  8. EclecticITGuy 05 September 2009 11:28
    I had a question similar to this, but it involved 2 routers that were multi-homed to both ISP's in a full-mesh. I know this is probably a bit overkill, but I was trying to setup the most fault-redundant configuration possible that would survive both a router problem, as well as a service problem. In this setup, ISP1 is successfully sending a default-route to R1, but I'm noticing that R1 is redistributing that static route back into BGP and sending it to ISP2, which now has a default static route pointing to R1. I know I could filter this out, but my question is would there be a better way of doing this?
  9. Ivan Pepelnjak 11 September 2009 19:58
    I hope your observation is from a test lab. There are two serious mistakes in your setup:

    #1 - As a multihomed customer DO NOT EVER propagate transit routes between upstream ISPs.
    #2 - As an ISP, DO NOT EVER accept routes not originating in the customer's AS from the customer.
  10. Anonymous 10 December 2009 12:34
    #1 is true but #2 what if that customer also offers transit for his customers :)
  11. Ivan Pepelnjak 10 December 2009 13:23
    Then he's not a regular customer, but an ISP buying transit (or a reseller of your services or whatever) and you should treat him differently. At least I hoped that would be somewhat obvious.
  12. Olivier Cahagne 19 April 2010 09:52
    Ivan, when you say "12.2SRC announce BGP default route like any other network", do you know which DDTS track this ? I've tested behaviour with 7600/SRA, SRD3, SXF17a and behaviour is the same: BGP default route is announced.
  13. Ivan Pepelnjak 19 April 2010 10:13
    No idea, it was probably fixed quite a while ago.
  14. Mark Paquette 13 July 2010 18:44
    Interesting point - in this scenario, it would pay to BGP peer to the internet-facing interface (so, ebgp-multihop 3 or somecrap) ... so if the internet-facing interface goes down, so does the eBGP peer.
  15. Ivan Pepelnjak 13 July 2010 18:47
    If you have direct EBGP connection and the interface goes down, the EBGP session is immediately reset due to fast failover (by default; adjustable). My IP Corner article on BGP convergence has more details:

    http://www.nil.si/ipcorner/DesigningBGPNetworks/
  16. Anonymous 20 August 2011 21:05
    Good article! Thanks! But I have a question: customer receive two default routes from ISP1 ans ISP2, How can I (customer) create less priority for default route from ISP2?
  17. Ivan Pepelnjak 21 August 2011 06:56
    Using BGP weights or local preference. This video might help:

    http://www.youtube.com/watch?v=zFliAojRi2E
  18. Marko 06 December 2011 20:37
    Hi Ivan,

    Suppose ISP 1 lose connectivity to upstream provider,using default originate command SP1 will continue to advertise default route to customer, and if customer prefers ISP1, it will lose connectivity to internet even if customer has less preffered default route from ISP2. Am I right?
  19. Ivan Pepelnjak 07 December 2011 08:05
    The ISPs should use "responsible default route generation":

    http://blog.ioshints.info/2011/09/responsible-generation-of-bgp-default.html
  20. Warren Sullivan 21 December 2011 06:24
    Excellent article, thanks, cleared up a few doubts!
  21. Anonymous 27 July 2012 18:02
    Hello Ivan,

    I have the same issue like discussed above. My core router see the internet over 2 ISPs but when I removed the default route I lost the connection to a lot of websites. A part of the internet is reachable. From router I can ping everything but not from networks behind it. Do you have any idea?

    Regards
    Stellar
    Replies
    1. Ivan Pepelnjak 27 July 2012 18:13
      The usual root cause of "I can ping from the router, but not from the hosts" problem is that the subnet the hosts reside in is not visible from the rest of the network.

      In your case, that would mean you're not advertising your IPv4 prefix to the rest of the Internet. Does this make sense?
  22. Anonymous 27 July 2012 18:53
    I am advertising all my prefix and can see them from more a one looking glas. now everything running good but when I remove the default gateway I got the issue. When I add the default gateway back the issue remains until I reboot the router :(
  23. Unknown 01 December 2013 14:53
    What about use SLA for those two default routes Ivan?
Add comment
Home
Sidebar