Dammit, slow on the uptake again
Sorry I read this "tied to a tracker that tracks the firewall
interface." And just saw interface.
Apologies
CCIE # 23962
________________________________
From: Joe Astorino [mailto:jastorino_at_ipexpert.com]
Sent: Thursday, November 26, 2009 1:44 PM
To: Shaughn Smith
Cc: MDevarajan_at_inautix.co.in; jack daniels; Cisco certification;
nobody_at_groupstudy.com
Subject: Re: bgp
Shaughn,
That's pretty much what I said : ) The tracker would be tracking 1.1.1.2
On Thu, Nov 26, 2009 at 6:37 AM, Shaughn Smith <shaughn.s_at_cvnnet.co.za>
wrote:
The only problem I see with doing it that way is that the tracker needs
to be created on his router, the router doesn't have a direct link to
the firewall according to his topology. So the router wouldn't know when
that interface has gone down.
He could probably track the 1.1.1.2 IP which is the IP on the firewall
side.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Joe Astorino
Sent: Thursday, November 26, 2009 1:27 PM
To: Shaughn Smith
Cc: MDevarajan_at_inautix.co.in; jack daniels; Cisco certification;
nobody_at_groupstudy.com
Subject: Re: bgp
Building on what has already been suggested, I believe you could
accomplish this using the exist-map combined with the logic suggested by
Uchil. Basically, create a conditional static route to a fake network
that is tied to a tracker that tracks the firewall interface.

ip route 100.100.100.100 255.255.255.255 null0 track 1

<--- 100.100.100.100/32 is your fake route. Only install this static
route IF tracker 1 is up, which would be configured to track if 1.1.1.2
is up.

Next, use the exist-map feature of BGP to essentially say "only
advertise 1.1.1.0/24 IF I have 100.100.100.100/32 in my BGP table".
100.100.100.100/32 will of course only be in your BGP table if the
tracker is up. Of course in BGP you would have to have network
statements for the fake route too and probably would want to filter the
update so you don't advertise the fake network : )

I have not tested this, but I think it should work.
On Thu, Nov 26, 2009 at 6:10 AM, Shaughn Smith
<shaughn.s_at_cvnnet.co.za> wrote:
> How will that help? You aren't creating the EBGP session from the
> firewall to the ISP. The firewall can't run BGP (if it's PIX or ASA)
>
> Why don't you create an OSPF relationship between the firewall and
> router. Then create a "dummy" network address/host on the firewall and
> advertise that into OSPF.
>
> Then redistribute that into BGP on the router. Create your
> advertise-map/no-exist map etc, so when the firewall goes down and that
> network/host disappears then so does your advertisement of 1.1.1.0/24
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> MDevarajan_at_inautix.co.in
> Sent: Thursday, November 26, 2009 11:55 AM
> To: jack daniels
> Cc: Cisco certification; nobody_at_groupstudy.com
> Subject: Re: bgp
>
> I have one idea: create another EBGP between Switch and ISP and
> advertise (1..1.1.24 ). When firewall is down EBGP will go down and
> network will be withdrawn.
>
> Please correct me if I am wrong.
>
> Mohan
>
> jack daniels <jckdaniels12_at_gmail.com>
> Sent by: nobody_at_groupstudy.com
> 11/26/2009 02:36 AM
> Please respond to
> jack daniels <jckdaniels12_at_gmail.com>
>
>
> To
> Cisco certification <ccielab_at_groupstudy.com>
> cc
>
> Subject
> bgp
>
> Hi All,
>
> I have a customer scenario where
>
>
> ISP 2.2.2.1----2.2.2.2 router 1.1.1.1/24 -------Switch----------- 1.1.1.2/24 FW------LAN
>
>
> ISP and router are running BGP. Now I want to advertise the 1.1.1.0/24
> when FW is up; if FW is down I don't want to advertise this subnet. I
> have redundancy so will use redundant media and firewall. My query is
> how not to advertise in BGP 1.1.1.0/24 when my FW is down.
Received on Thu Nov 26 2009 - 13:58:28 ART
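
The conditional advertisement that Joe Astorino outlines in this thread, written out as a configuration for the router at 1.1.1.1/2.2.2.2. This is an added example, not configuration posted by anyone in the thread. The AS numbers 65001 and 65002, the prefix-list and route-map names, and the IP SLA probe settings are assumptions; older IOS releases use `track 1 rtr 1 reachability` in place of the `track 1 ip sla 1 reachability` line.

```cisco
! Probe the firewall-side address 1.1.1.2 across the switch (assumed timing)
ip sla 1
 icmp-echo 1.1.1.2 source-ip 1.1.1.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Tracker 1 is up only while the probe to 1.1.1.2 succeeds
track 1 ip sla 1 reachability
!
! Fake /32 from the thread: installed only while tracker 1 is up
ip route 100.100.100.100 255.255.255.255 Null0 track 1
!
! Prefix to advertise conditionally
ip prefix-list LAN-NET seq 5 permit 1.1.1.0/24
! Prefix whose presence in the BGP table is the condition
ip prefix-list FAKE-NET seq 5 permit 100.100.100.100/32
! Outbound filter so the fake /32 never reaches the ISP
ip prefix-list TO-ISP seq 5 deny 100.100.100.100/32
ip prefix-list TO-ISP seq 10 permit 0.0.0.0/0 le 32
!
route-map ADVERTISE-LAN permit 10
 match ip address prefix-list LAN-NET
!
route-map FAKE-EXISTS permit 10
 match ip address prefix-list FAKE-NET
!
! AS 65001 (local) and AS 65002 (ISP) are assumed values
router bgp 65001
 ! Both prefixes must be in the BGP table: one to advertise, one to test
 network 1.1.1.0 mask 255.255.255.0
 network 100.100.100.100 mask 255.255.255.255
 neighbor 2.2.2.1 remote-as 65002
 ! Advertise 1.1.1.0/24 only while 100.100.100.100/32 exists in the BGP table
 neighbor 2.2.2.1 advertise-map ADVERTISE-LAN exist-map FAKE-EXISTS
 neighbor 2.2.2.1 prefix-list TO-ISP out
```

`show track 1` and `show ip bgp neighbors 2.2.2.1 advertised-routes` show the tracker state and whether 1.1.1.0/24 is currently being sent.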
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART