Enterprise core network design analysis: migration from IGP to BGP

Source: Internet
Author: User


1. Description of the current network environment

① Networks at different locations and the remote sites connect to the enterprise's core routers (R4, R5, R6, and R10)

② The entire enterprise network is interconnected under an IGP, so each router holds routes for the full network

③ As the network scale expands, IGP performance gradually declines


2. Network transformation requirements

① Because the budget is limited, network equipment and lines cannot be fully upgraded. The network transformation must be based on the original network topology.

② The main purpose of the current network transformation is to improve stability and to cope with the increasing number of route prefixes and with local network instability

③ Easier network management


3. Network Design

3.1 Overview

To cope with the continuous expansion of the network, the design should be hierarchical. A hierarchy makes route summarization convenient, which reduces device memory consumption. It also contains network instability locally, which reduces the impact on the rest of the network and saves CPU resources.

Therefore, an internal/external BGP architecture is a better solution.

3.2 Network logical hierarchy

The core layer provides transmission functions to transmit route information and user traffic in each region.

Divide management domains by region and connect them to the core layer


In this logical division, Location A, B, C, the remote sites, and the core layer can each be managed and maintained independently by different teams.

In addition, the CEN egress module is designed to provide Internet accessibility.

3.3 Route propagation

1) Providing Internet accessibility

The enterprise network egress advertises a BGP default route, and the BGP core in the transit area distributes it on to each region to provide Internet accessibility.


2) Intranet communication

Each region advertises its routes directly to the BGP core, which distributes them to the other regions.


3.4 Actual network planning

AS 65100 is the core transmission AS, responsible for transmitting route information and user traffic

AS 65101, 65102, and 65103 are

AS 65104 connects the remote sites

AS 65105 is the enterprise network egress module, which provides Internet accessibility




4. Deployment

4.1 New Network Architecture Overview

1) Regional Network

① Run an independent IGP within the region

② The regional border router advertises the default route through the IGP

③ When a region has multiple border routers and there is a direct link between them, use that direct link to establish the iBGP peer relationship, and configure next-hop-self on the iBGP peer

④ Each region's border router establishes an eBGP peer relationship with the core layer router only over a direct link

⑤ Routes in the region are added to the BGP process on the regional border router by explicit advertisement

If routes are instead redistributed into the BGP process, filter out the default route

2) Remote network

① R3 and R11 connect to each remote site as dual hubs. If bandwidth permits, it is recommended that a PVC be established between R3 and R11.

② If there is a PVC between R3 and R11, R3 and R11 establish an iBGP peer relationship sourced from the directly connected interface

③ We recommend disabling split horizon on R11 and R3 so that remote-site routes can reach each other, with the two devices backing each other up.

④ R3 and R11 inject the OSPF routes into BGP by advertisement, summarize them, and configure summary-only

⑤ The OSPF processes on R3 and R11 originate a default route to provide reachability to external areas

3) Enterprise egress network

① Since there is no direct link between them, we do not recommend establishing an iBGP peer relationship between R12 and R13.

② R12 and R13 each establish an eBGP peer relationship with the directly connected core layer router

③ R12 and R13 advertise BGP default routes to the core layer

4) Core layer network

① Each device in the core layer runs an IGP to provide underlying reachability

② The devices in the core layer establish full-mesh iBGP peer relationships sourced from their loopback interfaces

③ Each device in the core layer establishes eBGP peer relationships with the border routers of each module, sourced from the directly connected physical interfaces

④ metric-type internal must be configured to prevent sub-optimal paths when a region connects to multiple core-layer devices

4.2 Deployment steps

1) Establish a BGP peer relationship

① Establish necessary iBGP peer relationships in various regions

② The core layer establishes an iBGP peer relationship

③ Establish an eBGP peer relationship between the region and the core layer

④ Verify the peer relationship

2) Preparations before injecting routes into BGP

① Modify the AD value to prevent interruptions when BGP routes replace the existing routes.

② Configure next-hop-self to prevent the next hop from being unreachable

③ Configure compare-routerid to make route selection predictable

④ Prevent potential routing loops

For this environment, set metric-type internal needs to be configured

3) Route Injection

① The enterprise network egress routers advertise the default route

② The BGP speakers in each region advertise the required routes of that region

③ Verify route learning

4) Segment the IGP domain

① The IGP advertises the default route so that devices in the region can reach networks outside the region.

Pay attention to whether the IGP default routes are learned by the routers at the core layer, to avoid confused routing paths.

② Break the IGP peer relationships

Use the passive-interface command to break the peer relationship

③ Check that the change in how routes are learned is correct and that the default route is learned correctly.

5) Redeploy the IGP

Redeploy IGP for each region and core layer

6) AD Restoration

Restore the AD value of BGP

7) Route aggregation

Note the risk of routing black holes caused by route aggregation in specific environments
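The 4.2 steps as they could look on one regional border router (AS 65101) and one core router (AS 65100). This is an added example, not configuration from the original article. It assumes Cisco IOS-style syntax; the interface names, IP addresses, the prefix 10.1.0.0/16, the route-map name and the temporary AD value of 200 are all constructed for illustration.

```cisco
! === Regional border router, AS 65101 (addresses and interfaces are constructed) ===
router bgp 65101
 ! 4.2 step 2-3: deterministic best-path tie-break
 bgp bestpath compare-routerid
 ! 4.2 step 2-1: raise the eBGP AD above the IGP (external internal local) so
 ! BGP routes do not displace IGP routes while both are still running
 distance bgp 200 200 200
 ! 4.2 step 1-3: eBGP to the core over the direct link
 neighbor 192.0.2.1 remote-as 65100
 ! 4.2 steps 1-1 and 2-2: iBGP to the second border router, with next-hop-self
 neighbor 198.51.100.2 remote-as 65101
 neighbor 198.51.100.2 next-hop-self
 ! 4.2 step 3-2: advertise the region's prefix (must exist in the routing table)
 network 10.1.0.0 mask 255.255.0.0
!
router ospf 1
 ! 4.2 step 4-1: originate the default into the regional IGP
 ! (needs a default route in the routing table, here the one learned via BGP)
 default-information originate
 ! 4.2 step 4-2: stop the IGP adjacency on the core-facing link
 passive-interface GigabitEthernet0/0
!
! 4.2 step 6, once the IGP domain is segmented: back to the default AD values
router bgp 65101
 distance bgp 20 200 200
!
! === Core router, AS 65100 ===
router bgp 65100
 bgp bestpath compare-routerid
 ! 4.1 core item 2: full-mesh iBGP sourced from the loopback
 neighbor 10.255.0.2 remote-as 65100
 neighbor 10.255.0.2 update-source Loopback0
 ! 4.1 core item 3: eBGP to the regional border router over the direct link
 neighbor 192.0.2.2 remote-as 65101
 ! 4.1 core item 4: send the IGP metric as MED toward the region
 neighbor 192.0.2.2 route-map MED-FROM-IGP out
!
route-map MED-FROM-IGP permit 10
 set metric-type internal
```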


This article is from the "Thely" blog, please be sure to keep this source http://thely.blog.51cto.com/2695427/1289466
