Shaughn,
That's pretty much what I said : ) The tracker would be tracking 1.1.1.2.
On Thu, Nov 26, 2009 at 6:37 AM, Shaughn Smith <shaughn.s_at_cvnnet.co.za> wrote:
> The only problem I see with doing it that way is that the tracker needs
> to be created on his router, the router doesn't have a direct link to
> the firewall according to his topology. So the router wouldn't know when
> that interface has gone down.
>
> He could probably track the 1.1.1.2 IP which is the IP on the firewall
> side.
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Joe Astorino
> Sent: Thursday, November 26, 2009 1:27 PM
> To: Shaughn Smith
> Cc: MDevarajan_at_inautix.co.in; jack daniels; Cisco certification;
> nobody_at_groupstudy.com
> Subject: Re: bgp
>
> Building on what has already been suggested, I believe you could accomplish
> this using the exist-map combined with the logic suggested by Uchil.
> Basically, create a conditional static route to a fake network that is tied
> to a tracker that tracks the firewall interface.
>
> ip route 100.100.100.100 255.255.255.255 null0 track 1 <--- 100.100.100.100/32
> is your fake route. Only install this static route IF tracker 1 is up which
> would be configured to track if 1.1.1.2 is up
>
> next, use the exist-map feature of BGP to essentially say "only advertise
> 1.1.1.0/24 IF I have 100.100.100.100/32 in my BGP table".
> 100.100.100.100/32 will of course only be in your BGP table if the tracker
> is up. Of course in BGP you would have to have network statements for the
> fake route too and probably would want to filter the update so you don't
> advertise the fake network : )
>
> I have not tested this, but I think it should work.
>
> On Thu, Nov 26, 2009 at 6:10 AM, Shaughn Smith <shaughn.s_at_cvnnet.co.za> wrote:
>
> > How will that help? You aren't creating the EBGP session from the
> > firewall to the ISP. The firewall can't run BGP (if it's PIX or ASA)
> >
> > Why don't you create an OSPF relationship between the firewall and
> > router. Then create a "dummy" network address/host on the firewall and
> > advertise that into OSPF.
> >
> > Then redistribute that into BGP on the router. Create your
> > advertise-map/no-exist map etc, so when the firewall goes down and that
> > network/host disappears then so does your advertisement of 1.1.1.0/24
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > MDevarajan_at_inautix.co.in
> > Sent: Thursday, November 26, 2009 11:55 AM
> > To: jack daniels
> > Cc: Cisco certification; nobody_at_groupstudy.com
> > Subject: Re: bgp
> >
> > I have one idea: create another EBGP between Switch and ISP and
> > advertise (1..1.1.24 ). When the firewall is down, EBGP will go down and
> > the network will be withdrawn.
> >
> > Please correct me if I am wrong.
> >
> > Mohan
> >
> > jack daniels <jckdaniels12_at_gmail.com>
> > Sent by: nobody_at_groupstudy.com
> > 11/26/2009 02:36 AM
> > Please respond to: jack daniels <jckdaniels12_at_gmail.com>
> > To: Cisco certification <ccielab_at_groupstudy.com>
> > cc:
> > Subject: bgp
> >
> > Hi All,
> >
> > I have a customer scenario where
> >
> > ISP 2.2.2.1----2.2.2.2 router 1.1.1.1/24 -------Switch----------- 1.1.1.2/24 FW------LAN
> >
> > ISP and router are running BGP. Now I want to advertise the 1.1.1.0/24 when
> > FW is up; if FW is down I don't want to advertise this subnet. I have
> > redundancy so will use redundant media and firewall. My query is how
> > not to advertise in BGP 1.1.1.0/24 when my FW is down.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Regards,
>
> Joe Astorino CCIE #24347 (R&S)
> Sr. Technical Instructor - IPexpert
> Mailto: jastorino_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> (R&S,
> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security &
> Service
> Provider) Certification Training with locations throughout the United
> States, Europe and Australia. Be sure to check out our online
> communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
--
Regards,

Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com

Blogs and organic groups at http://www.ccie.net

Received on Thu Nov 26 2009 - 06:43:33 ART
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART
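
The tracked static route plus exist-map approach discussed in this thread, written out as an added example; it is not configuration posted by any participant and has not been tested. The AS numbers (65000, 65001), the object names and the probe frequency are assumptions, and the `ip sla` / `track ... ip sla` keywords differ on older IOS releases.

```cisco
! Added example. AS numbers, names and timers are assumptions, not from the thread.
! Probe the firewall address 1.1.1.2 and expose the result as track object 1.
ip sla 1
 icmp-echo 1.1.1.2
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Fake /32 that is installed only while the firewall answers the probe.
ip route 100.100.100.100 255.255.255.255 Null0 track 1
!
ip prefix-list FW-SUBNET seq 5 permit 1.1.1.0/24
ip prefix-list FAKE-ROUTE seq 5 permit 100.100.100.100/32
! Outbound filter: only the real subnet may leave; the fake /32 hits the implicit deny.
ip prefix-list TO-ISP seq 5 permit 1.1.1.0/24
!
route-map ADVERTISE permit 10
 match ip address prefix-list FW-SUBNET
route-map EXIST permit 10
 match ip address prefix-list FAKE-ROUTE
!
router bgp 65001
 ! Both prefixes must be in the local BGP table for the condition to be evaluated.
 network 1.1.1.0 mask 255.255.255.0
 network 100.100.100.100 mask 255.255.255.255
 neighbor 2.2.2.1 remote-as 65000
 ! Advertise 1.1.1.0/24 only while 100.100.100.100/32 exists in the BGP table.
 neighbor 2.2.2.1 advertise-map ADVERTISE exist-map EXIST
 ! Keep the fake /32 from being advertised to the ISP.
 neighbor 2.2.2.1 prefix-list TO-ISP out
```

`show track 1` and `show ip bgp neighbors 2.2.2.1 advertised-routes` confirm the state after a firewall failure. The condition is re-evaluated by a periodic scan rather than instantly, so the withdrawal can lag the failure by up to the scan interval.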