Re: BGP OSPF question

From: shiran guez (shiranp3@gmail.com)
Date: Tue Mar 27 2007 - 17:29:04 ART

• Next message: Malcolm Price: "EIGRP routes not being learned"
• Previous message: Bob Sinclair: "Re: multicast very fundamental"
• Maybe in reply to: nem chua: "BGP OSPF question"
• Next in thread: nem chua: "Re: BGP OSPF question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I wonder if you only have one router on internal and one on external why do
you need to use IGP and BGP?

one internal wil have only one route and external router unless you are
connected to 2 provider you have no use of BGP and even if you where
connected to 2 providers you can do with out BGP.

Ok, for the argument sake if you want to enable IGP on the internal and BGP
on the external you need to decide what to do with the Firewall

why not put the Do such schem

Network --> Firewall --> Internal Router --> External Router

or

IGP on both Internal and Firewall either RIP/OSPF and External BGP

Shiran
On 3/27/07, Stephen Lee <slee@packet360.com> wrote:
>
> Why not run OSPF on the Firewall? Most firewalls support it.
>
> Thanks,
> Steve
>
> Stephen S. Lee
> Senior Systems Engineer
> slee@packet360.com
> PACKET360, INC.
> 100 East Shore Drive
> Glen Allen, VA 23059 USA
>
> Direct 804.545.4705
> Main 804.545.4700
> Toll Free 877.998.3600
> Fax 804.545.4759
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> nem chua
> Sent: Tuesday, March 27, 2007 2:47 PM
> To: maureen schaar
> Cc: Cisco certification
> Subject: Re: BGP OSPF question
>
> so it looks like ibgp or EBGP is the only way to get these routes from
> behind the firewall to pass routes into the internal network. I just
> like
> to keep the internal network simple with one protocol, but looks like I
> don't have a choice.
>
> Thank you all for your response.
>
>
> On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
> >
> > Sorry, will not work with ospf. Check the other post. You would have
> > to make both routes believe they are on the same subnet. Not a very
> > nice configuration with ospf.
> >
> >
> > On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> > > Hi, thank you all for your reply. You're absolutely right about
> IBGP
> > > neighbor does not have to be directly connected. Assuming OSPF is
> the
> > > protocol using a neighbor statement and ospf nonbroadcast network
> will
> > allow
> > > OSPF to send unicast messages to the neighbor one hop away and
> establish
> > > adjacency across the layer 3 firewall? That would be perfect.
> > >
> > >
> > > On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
> > > > With ibgp there is no need for multihop. You can already peer with
> > > > ibgp on for example the loopbacks without any special config
> (besides
> > > > setting the update-source). Just needs an underlying igp route!
> > > >
> > > > For the other protocols, if not using a tunnel, you would have to
> find
> > > > a way to establish an adjacency without broadcasting/multicasting.
> So
> > > > that would mean:
> > > >
> > > > RIP: passive-interface default + neighbor x.x.x.x
> > > > OSPF: ip ospf network-type nonbroadcast + neighbor x.x.x.x
> > > > EIGRP: neighbor x.x.x.x <outgoing intf>
> > > >
> > > > Maureen
> > > >
> > > > On 3/27/07, nem chua < nemthuduc@gmail.com> wrote:
> > > > > Hi all, I have a unique scenario where we need to establish a
> > dynamic
> > > > > routing protocol over layer 3 firewalls. With EBGP we can do
> > multihop
> > > to
> > > > > skip the firewall, but with other protocols such os ospf, eigrp,
> > rip, is
> > > > > there any option to establish a neighbor without using GRE to
> tunnel
> > > over
> > > > > the firewall? Assume in all cases the firewall cannot
> participate
> > in
> > > any
> > > > > routing protocol.
> > > > >
> > > > > Is there a way to do multihop with ibgp? Is there a hop count
> limit
> > to
> > > > > multihop?
> > > > >
> > > > > THanks much.
> > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com

• Next message: Malcolm Price: "EIGRP routes not being learned"
• Previous message: Bob Sinclair: "Re: multicast very fundamental"
• Maybe in reply to: nem chua: "BGP OSPF question"
• Next in thread: nem chua: "Re: BGP OSPF question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART