Multiple ASBRs: summarizing prefixes from BGP into OSPF

Israel G. Lugo israel.lugo at lugosys.com
Wed Jul 26 13:20:29 CEST 2017


Hello,

I've got an internal Openstack deployment, currently in beta but
expecting a few thousand tenants in full production. Each tenant gets
at least an IPv4 prefix and an IPv6 one. They may get additional
prefixes upon payment or special request.

The way Openstack works is each tenant will have his own (virtual)
router, with a unique IP. This router is controlled directly by
Openstack and only knows static routes. Then there are a couple of BGP
route servers, also controlled by Openstack, who announce the prefixes
and respective nexthops.

On my side, I've got a couple of ASBRs, using Bird to speak BGP with
Openstack's route servers and learn the routes. They forward the traffic
between my backbone and the tenant routers. On the backbone side,
they're speaking OSPF (also with Bird) to the rest of the infrastructure
and redistributing external prefixes. Everything works.

My problem is, I don't want to announce hundreds or thousands of
prefixes into OSPF when we go full. I'm carving the tenants from a
couple of large prefixes so I want to aggregate this at the ASBRs. But I
can't just blindly add a large static sink route on my ASBRs and
redistribute that to OSPF; that opens me up to the risk of dropping
traffic if one of the ASBRs loses BGP with the Openstack route servers.

What I need, unless someone has a better suggestion, is some way to
summarize externals in OSPF, such that the summary prefix is only
announced if I've got more specific routes inside it.

I tried creating an NSSA and placing the prefix there as external, but
it didn't help:

protocol ospf backbone {
  import all;
  export filter ospf_export;
  ecmp yes;
  merge external yes;
  area 0.0.0.0 {
    stub no;
    interface "eth0" { /* auth stuff */ };
    interface "lo" { stub; };
  };
  area 0.0.1.2 {
    nssa;
    /* transit VLAN to the tenant routers */
    interface "eth0.22" { stub; check link yes; };
    external {
      198.18.0.0/15;
    };
  };
}

From my understanding, I believe the external keyword on an NSSA would
be to aggregate in the opposite direction (backbone -> NSSA area).

Is there any way to do what I want? I.e., summarize externals into OSPF,
if and only if I have specific routes inside the summary prefix? That,
or a conditional route, that only gets inserted if another certain route
exists, or if the BGP peering is up.

Regards,
Israel G. Lugo
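
The behaviour asked for above, modelled in Python as an added example (not part of the original message, and not BIRD configuration): a summary is exported only while at least one learned route falls inside it, so an ASBR that loses BGP stops attracting traffic. The function name, the IPv6 summary and all route lists are constructed for illustration; only 198.18.0.0/15 comes from the post.

```python
import ipaddress

def conditional_export(summaries, bgp_routes):
    """Return the prefixes one ASBR would redistribute into OSPF.

    A summary is exported only if at least one BGP-learned route lies
    inside it. Routes covered by an exported summary are suppressed;
    routes outside every summary pass through unchanged.
    """
    nets = [ipaddress.ip_network(s) for s in summaries]
    routes = [ipaddress.ip_network(r) for r in bgp_routes]
    exported, covered = [], set()
    for net in nets:
        # subnet_of() raises TypeError across address families,
        # so compare versions first.
        inside = [r for r in routes
                  if r.version == net.version and r.subnet_of(net)]
        if inside:
            exported.append(net)
            covered.update(inside)
    exported.extend(r for r in routes if r not in covered)
    return [str(n) for n in exported]

# Constructed sample data: the IPv4 summary is the one from the post,
# everything else uses documentation/benchmark address space.
SUMMARIES = ["198.18.0.0/15", "2001:db8::/32"]
ASBR_TABLES = {
    "asbr1 (BGP up)": ["198.18.4.0/24", "198.19.200.0/24",
                       "2001:db8:12::/48", "203.0.113.0/24"],
    "asbr2 (BGP down)": [],
    "asbr3 (IPv6 only)": ["2001:db8:12::/48"],
}

def demo():
    """Map each constructed ASBR to the prefixes it would export."""
    return {name: conditional_export(SUMMARIES, table)
            for name, table in ASBR_TABLES.items()}

if __name__ == "__main__":
    for name, prefixes in demo().items():
        print(f"{name}: {prefixes or 'nothing exported'}")
```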


More information about the Bird-users mailing list