Accepting default-route via BGP

Unanswered Question
Jun 22nd, 2007

Hi Guys,

I would just like to ask what the best condition is when accepting default routes from the ISP. Currently, we asked our ISP to advertise 0.0.0.0 if they have google.com and yahoo.com routes. What the ISP did was configure an as-path access-list that includes both the Yahoo and Google ASes. Do you think this is a good design? What is the best condition that you guys think?

-John

mohammedmahmoud Fri, 06/22/2007 - 04:11

Hi,

Accepting a default route from the SP has nothing to do with the as-path access-list; the as-path access-list is used to filter routes passing through or originated from certain ASs, and has nothing to do with the provider advertising a default route to you.

HTH,

Mohammed Mahmoud.

John Patrick Lopez Fri, 06/22/2007 - 04:38

The ISP used the as-path access-list as the condition for propagating the default route. Here's the config.

! 0.0.0.0/0 is originated to the neighbor only while some route in the
! ISP's BGP table passes the route-map
neighbor x.x.x.x default-originate route-map YAHOO_GOOGLE_CHECK
!
! one ACL, three permit lines: a path matching any one of them passes
ip as-path access-list 140 permit _15169_[0-9]*$
ip as-path access-list 140 permit _10310_[0-9]*$
ip as-path access-list 140 permit _36752_[0-9]*$
!
route-map YAHOO_GOOGLE_CHECK permit 10
 match as-path 140

-John

mohammedmahmoud Fri, 06/22/2007 - 05:19

Hi,

OK, I see that your provider is doing conditional default route advertisement, but I think that, as Martin has suggested, EOT (Enhanced Object Tracking) would be nice to use.

HTH,

Mohammed Mahmoud.

mheusing Fri, 06/22/2007 - 04:47

Hi,

can you describe in more detail, what you would like to achieve?

I can imagine enhanced object tracking may do what you want in an even better, more predictable way. It allows you to choose an internet connection based, for example, on the reachability of a certain server. In your case you could ping yahoo.com and google.com and trigger rerouting based on availability.

There are some technical restrictions with EOT, but if it sounds like it solves your problem, have a look at

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080774e79.html

Hope this helps!

Regards, Martin

John Patrick Lopez Sun, 06/24/2007 - 21:14

Hi Martin,

I saw this information from the link you gave me.

Tracking IP-Route Reachability

Perform this task to track the reachability of an IP route. A tracked object is considered up when a routing table entry exists for the route and the route is accessible.

It says that it will be considered as up when a routing table entry exists. How can we do this if we are only using default route?

Regards,

John

Pavel Bykov Mon, 06/25/2007 - 00:31

Solution seems reasonable. The other possible conditioning method would be to track the routes of Google and Yahoo.

But since we are not aware of internal redundancy of google/yahoo, some of their networks might not be available but google and yahoo still can be available overall.

Hence AS_PATH is a good condition.

My only comment would be that this configuration enables advertising of default route even when only one of the Autonomous Systems is available.

John Patrick Lopez Mon, 06/25/2007 - 23:26

Yes, that is my concern. I think routes are better than using the AS as the condition. One of our ISPs uses routes as the condition; only this one uses the AS path. But even with these conditions in the configuration, it will still advertise default routes if one of them is available in the BGP table. Some of our client tools are Internet based; sometimes they become inaccessible via one ISP but accessible via the other. Hmm... Do you guys have other ideas?

-John

Pavel Bykov Tue, 06/26/2007 - 07:54

OK, I have tested it for a good half of my day, even accidentally crashing some AT&T router on the way, because the regexp expressions were too complex. "System returned to ROM by bus error at PC 0x60734DC0, address 0x8" it said...

So I gave up on the complex regexp. All 7206 routers crash with it, with any IOS I tried.

But what you can go with, that doesn't crash, is one of the following:

1. Create several ACLs (three in your case) and create a route-map with AND logic. Route-maps can use AND or OR logic on match commands. If a match command is followed by several parameters on one line, OR logic is used. If the match commands are on separate lines, AND logic is used.

But I could not get that to work on my enterprise 12.3 IOS. Even when entering the commands on separate lines, after the show route-map command all match statements were on the same line. Maybe another IOS will do.

2. The second option is to define an ACL for every AS path and use the BGP route-map continue function.

http://www.cisco.com/en/US/customer/products/ps6566/products_feature_guide09186a00801a7f7a.html

So you'd have:

! one as-path ACL per AS
ip as-path access-list 140 permit _15169$
ip as-path access-list 141 permit _10310$
ip as-path access-list 142 permit _36752$
!
! each permit sequence continues to the next check; the deny sequence
! in between catches routes that did not match
route-map YAHOO_GOOGLE_CHECK permit 10
 match as-path 140
 continue 20
route-map YAHOO_GOOGLE_CHECK deny 15
route-map YAHOO_GOOGLE_CHECK permit 20
 match as-path 141
 continue 30
route-map YAHOO_GOOGLE_CHECK deny 25
route-map YAHOO_GOOGLE_CHECK permit 30
 match as-path 142

This way, all AS paths are checked in sequence. If at least one as-path ACL is not matched, it falls through to the next sequence and is instantly denied by the sequence ending in 5. If it is present, then it continues to the sequence ending in 0. So all of the AS paths have to be present.

Pavel Bykov Tue, 06/26/2007 - 14:01

...But I guess none of the AS paths will successfully finish until the end, because the route-map evaluates routes line by line.

So scratch the previous idea...
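To make Pavel's two observations concrete (the ISP's map originates a default as soon as any one of the three ASNs is present, and the continue chain can never permit anything because a route-map is evaluated one route at a time), here is an added Python model of how IOS evaluates `default-originate route-map`. It is not code from the thread or from Cisco. The BGP table, the documentation prefixes and the transit/customer ASNs in the 64496-64510 range are constructed for the example; only the ASNs 15169, 10310 and 36752 and the two route-maps come from the posts above. The IOS `_` delimiter is translated to a Python alternation, which is an assumption about the IOS regex dialect rather than a Cisco API.

```python
"""Model of how IOS evaluates 'neighbor X default-originate route-map MAP'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Set

# In an IOS AS-path regex "_" matches any delimiter: start or end of the path,
# a space, a comma, or the braces/parentheses of AS_SET and confederation
# segments.  Everything else is ordinary regex syntax.
_IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_aspath_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an 'ip as-path access-list' regex into a Python regex."""
    return re.compile(pattern.replace("_", _IOS_UNDERSCORE))


def acl_permits(acl: Sequence[str], as_path: str) -> bool:
    """An as-path access-list permits a path when any permit line matches;
    a path matched by no line hits the implicit deny."""
    return any(ios_aspath_regex(p).search(as_path) for p in acl)


@dataclass(frozen=True)
class Seq:
    num: int
    action: str                 # "permit" or "deny"
    as_path_acls: tuple = ()    # ACLs on 'match as-path'; several are ORed
    cont: Optional[int] = None  # 'continue N' (modelled on permit clauses only)


def route_map_permits(seqs: List[Seq], acls: Dict[int, Sequence[str]],
                      as_path: str) -> bool:
    """Evaluate ONE route against a route-map the way IOS does: sequences in
    ascending order, the first matching one decides unless it carries
    'continue', which jumps to that sequence.  Falling off the end is a deny."""
    ordered = sorted(seqs, key=lambda s: s.num)
    index = {s.num: i for i, s in enumerate(ordered)}
    i = 0
    while i < len(ordered):
        s = ordered[i]
        matched = (not s.as_path_acls or
                   any(acl_permits(acls[n], as_path) for n in s.as_path_acls))
        if not matched:
            i += 1             # no match: try the next sequence
        elif s.action == "deny":
            return False
        elif s.cont is None:
            return True
        else:
            i = index[s.cont]  # 'continue': resume at the named sequence
    return False


def default_originated(seqs: List[Seq], acls: Dict[int, Sequence[str]],
                       bgp_table: Dict[str, str]) -> Set[str]:
    """'default-originate route-map MAP' sends 0.0.0.0/0 while at least one
    route in the local BGP table passes MAP.  Returns the prefixes that passed;
    an empty set means no default is advertised."""
    return {p for p, path in bgp_table.items()
            if route_map_permits(seqs, acls, path)}


# The ISP's map from the thread: one permit clause, one ACL with all three ASNs.
ISP_ACLS = {140: ["_15169_[0-9]*$", "_10310_[0-9]*$", "_36752_[0-9]*$"]}
ISP_MAP = [Seq(10, "permit", (140,))]

# Pavel's chain: one ACL per ASN, linked with 'continue' to get AND logic.
CHAIN_ACLS = {140: ["_15169$"], 141: ["_10310$"], 142: ["_36752$"]}
CHAIN_MAP = [
    Seq(10, "permit", (140,), cont=20), Seq(15, "deny"),
    Seq(20, "permit", (141,), cont=30), Seq(25, "deny"),
    Seq(30, "permit", (142,)),
]

# Constructed BGP table: documentation prefixes, ASNs 64496-64510 as made-up
# transit/customer ASNs; only 15169, 10310 and 36752 come from the thread.
FULL_TABLE = {
    "192.0.2.0/24":    "64496 15169",
    "198.51.100.0/24": "64496 64497 10310",
    "203.0.113.0/24":  "64498 36752",
    "192.0.2.128/25":  "64496 15169 64510",  # a customer sitting behind AS15169
    "198.18.0.0/15":   "64499 64500",        # unrelated route
}
# Only the routes carrying AS15169: the Yahoo ASNs have been withdrawn.
GOOGLE_ONLY = {p: a for p, a in FULL_TABLE.items() if "15169" in a.split()}

if __name__ == "__main__":
    print("ISP map, full table:  ", sorted(default_originated(ISP_MAP, ISP_ACLS, FULL_TABLE)))
    print("ISP map, Google only: ", sorted(default_originated(ISP_MAP, ISP_ACLS, GOOGLE_ONLY)))
    print("AND chain, full table:", sorted(default_originated(CHAIN_MAP, CHAIN_ACLS, FULL_TABLE)))
```

Two things fall out of running it. With the ISP's map the default is still originated when the table holds only the AS15169 routes, which is exactly the concern raised above. With the continue chain the result is always empty: each route carries one AS path, and no single path ends in 15169 and 10310 and 36752 at once, so no route ever reaches sequence 30 and the default is never sent. The model also shows the difference between the ISP's `_15169_[0-9]*$` and Pavel's `_15169$`: the former also matches a path with one more AS after 15169 (a customer behind that AS), the latter only paths that end in 15169.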

John Patrick Lopez Wed, 06/27/2007 - 05:03

What do you mean that none of the AS paths will successfully finish until the end?

I think your route-map is better than the one submitted to us by the ISP.

-John

John Patrick Lopez Wed, 06/27/2007 - 05:25

Hi Mohammed Mahmoud,

About your post, it seems that it will execute a preemption on the HSRP if the host does not reply to an ICMP. What about triggering a static route when the host does not respond? So it can route to another ISP if the host does not respond. I know BGP is the best way to implement this regarding lost routes and triggering a reroute. However, how can we implement this without using BGP and by tracking the latency on one ISP?

-John
