Re: bgp from Joe Astorino on 2009-11-26 (Ccielab archives 11/2009)

From: Joe Astorino <jastorino_at_ipexpert.com>
Date: Thu, 26 Nov 2009 16:00:42 -0500

@Shaughn -- No worries : )
@Jack -- Excellent!!!

On Thu, Nov 26, 2009 at 9:24 AM, jack daniels <jckdaniels12_at_gmail.com>wrote:

> HI :) Thanks a lot guys :) it was a great help .... I did it sucess with
> your help
>
>
> On Thu, Nov 26, 2009 at 4:57 PM, Joe Astorino <jastorino_at_ipexpert.com>wrote:
>
>> Building on what has already been suggested, I believe you could
>> accomplish this using the exist-map combined with the logic suggested by
>> Uchil. Basically, create a conditional static route to a fake network that
>> is tied to a tracker that tracks the firewall interface.
>>
>> ip route 100.100.100.100 255.255.255.255 null0 track 1 <---
>> 100.100.100.100/32 is your fake route. Only install this static route IF
>> tracker 1 is up which would be configured to track if 1.1.1.2 is up
>>
>> next, use the exist-map feature of BGP to essentially say "only advertise
>> 1.1.1.0/24 IF I have 100.100.100.100/32 in my BGP table".
>> 100.100.100.100/32 will of course only be in your BGP table if the
>> tracker is up. Of course in BGP you would have to have network statements
>> for the fake route too and probably would want to filter the update so you
>> don't advertise the fake network : )
>>
>> I have not tested this, but I think it should work.
>>
>>
>> On Thu, Nov 26, 2009 at 6:10 AM, Shaughn Smith <shaughn.s_at_cvnnet.co.za>wrote:
>>
>>> How will that help ? You aren't creating the EBGP session from the
>>> firewall to the ISP. The firewall cant run BGP (if it's PIX or ASA)
>>>
>>> Why don't you create an OSPF relationship between the firewall and
>>> router. Then create a "dummy" network address/host on the firewall and
>>> advertise that into OSPF.
>>>
>>> Then redistribute that into BGP on the router. Create your
>>> advertise-map/no-exist map etc, so when the firewall goes down and that
>>> network/host disappears then so does your advertisement of 1.1.1.0/24
>>>
>>> -----Original Message-----
>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>> MDevarajan_at_inautix.co.in
>>> Sent: Thursday, November 26, 2009 11:55 AM
>>> To: jack daniels
>>> Cc: Cisco certification; nobody_at_groupstudy.com
>>> Subject: Re: bgp
>>>
>>> I have one idea , Create a another EBGP between Switch and ISP and
>>> advertise (1..1.1.24 ) , When firewall is down EBGP will go down and
>>> netwrol will withdrawn.
>>>
>>> Please correct me if I wrong..
>>>
>>> Mohan
>>>
>>>
>>>
>>>
>>>
>>>
>>> jack daniels <jckdaniels12_at_gmail.com>
>>> Sent by: nobody_at_groupstudy.com
>>> 11/26/2009 02:36 AM
>>> Please respond to
>>> jack daniels <jckdaniels12_at_gmail.com>
>>>
>>>
>>> To
>>> Cisco certification <ccielab_at_groupstudy.com>
>>> cc
>>>
>>> Subject
>>> bgp
>>>
>>>
>>>
>>>
>>>
>>>
>>> Hi All,
>>>
>>> I have a customer scenario where
>>>
>>>
>>> ISP 2.2.2.1----2.2.2.2 router1.1.1.1/24 -------Switch -----------
>>> 1.1.1.2/24FW------LAN
>>>
>>>
>>> ISP and router are running BGP. Now I want to advertise the 1.1.1.0/24
>>> when
>>> FW is up if FW is down I dont want to advertise this subnet. I have
>>> redundancy so will use redundant media and firewall . my querriery is
>>> how
>>> not to advertise in BGP 1.1.1.0/24when my FW is down.
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>> Joe Astorino CCIE #24347 (R&S)
>> Sr. Technical Instructor - IPexpert
>> Mailto: jastorino_at_ipexpert.com
>> Telephone: +1.810.326.1444
>> Live Assistance, Please visit: www.ipexpert.com/chat
>> eFax: +1.810.454.0130
>>
>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
>> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security &
>> Service Provider) Certification Training with locations throughout the
>> United States, Europe and Australia. Be sure to check out our online
>> communities at www.ipexpert.com/communities and our public website at
>> www.ipexpert.com
>>
>>
>>
>

-- 
Regards,
Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
Blogs and organic groups at http://www.ccie.net

Received on Thu Nov 26 2009 - 16:00:42 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART