06-22-2007 03:55 AM - edited 03-03-2019 05:33 PM
Hi Guys,
I would just like to ask what is the best condition when accepting default routes from the ISP. Currently, we asked our ISP to advertise 0.0.0.0 if they have google.com and yahoo.com routes. What the ISP did was they configured a as-path access-list that includes both yahoo and google AS. Do you think this is a good design? What is the best condition that you guys think?
-John
06-22-2007 04:11 AM
Hi,
Accepting a default route from the SP has nothing to do with the as-path access-list. The as-path access-list is used to filter routes passing through or originated from certain ASs, and has nothing to do with the provider advertising a default route to you.
HTH,
Mohammed Mahmoud.
06-22-2007 04:38 AM
The ISP used the as-path access-list as the condition for propagating the default route. Here's the config.
neighbor x.x.x.x default-originate route-map YAHOO_GOOGLE_CHECK
ip as-path access-list 140 permit _15169_[0-9]*$
ip as-path access-list 140 permit _10310_[0-9]*$
ip as-path access-list 140 permit _36752_[0-9]*$
route-map YAHOO_GOOGLE_CHECK permit 10
match as-path 140
-John
06-22-2007 05:19 AM
Hi,
OK, I see that your provider is doing conditional default route advertisement, but I think that, as Martin has suggested, EOT (Enhanced Object Tracking) would be nice to use.
HTH,
Mohammed Mahmoud.
06-22-2007 04:47 AM
Hi,
can you describe in more detail, what you would like to achieve?
I can imagine enhanced object tracking may do what you want in an even better, more predictable way. It allows you to choose an internet connection, e.g. based on the reachability of a certain server. In your case you could ping yahoo.com and google.com and trigger rerouting based on availability.
There are some technical restrictions with EOT, but if it sounds like solving your problem, have a look at
http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080774e79.html
Hope this helps!
Regards, Martin
06-24-2007 09:14 PM
Hi Martin,
I saw this information from the link you gave me.
Tracking IP-Route Reachability
Perform this task to track the reachability of an IP route. A tracked object is considered up when a routing table entry exists for the route and the route is accessible.
It says that it will be considered as up when a routing table entry exists. How can we do this if we are only using default route?
Regards,
John
06-25-2007 12:31 AM
Solution seems reasonable. The other possible conditioning method would be to track the routes of Google and Yahoo.
But since we are not aware of internal redundancy of google/yahoo, some of their networks might not be available but google and yahoo still can be available overall.
Hence AS_PATH is a good condition.
My only comment would be that this configuration enables advertising of default route even when only one of the Autonomous Systems is available.
06-25-2007 11:26 PM
Yes, that is my concern. I think routes are better than using AS as the condition. One of our ISPs uses routes as the condition; only this one uses AS Path. But even with these conditions in the configuration, it will still advertise default routes if one of them is available in the BGP table. Some of our client tools are internet based; sometimes they become inaccessible on one ISP but accessible on the other. Humm.... Do you guys have other ideas?
-John
06-25-2007 11:38 PM
Hi John,
Why not do host tracking:
HTH,
Mohammed Mahmoud.
06-26-2007 07:54 AM
OK, I have tested it for a good half of my day, even accidentally crashing some AT&T router on the way, because the REGEXP expressions were too complex. "System returned to ROM by bus error at PC 0x60734DC0, address 0x8" it said...
So I gave up on the complex REGEXP. All 7206 routers crash with it, with any IOS I tried.
But what you can go with, that doesn't crash, is one of the following:
1. Create several ACLs (three in your case) and create a route-map with AND logic. All route-maps can use AND or OR logic on match commands. If a match command is followed by several parameters on one line, OR logic is used. If the match commands are on separate lines, AND logic is used.
But I could not get that to work on my enterprise 12.3 IOS. Even when entering the commands on new lines, all match statements were on the same line in the show route-map output. Maybe another IOS will do.
2. The second option is to define an ACL for every AS PATH and use the BGP route-map continue function.
http://www.cisco.com/en/US/customer/products/ps6566/products_feature_guide09186a00801a7f7a.html
So you'd have:
ip as-path access-list 140 permit _15169$
ip as-path access-list 141 permit _10310$
ip as-path access-list 142 permit _36752$
route-map YAHOO_GOOGLE_CHECK permit 10
match as-path 140
continue 20
route-map YAHOO_GOOGLE_CHECK deny 15
route-map YAHOO_GOOGLE_CHECK permit 20
match as-path 141
continue 30
route-map YAHOO_GOOGLE_CHECK deny 25
route-map YAHOO_GOOGLE_CHECK permit 30
match as-path 142
This way, all as_paths are checked in sequence. If at least one as-path ACL is not matched, it falls through to the next sequence and is instantly denied by the sequence ending in 5. If it is present, then it continues to the sequence ending in 0. So all of the AS_PATHs have to be present.
06-26-2007 02:01 PM
...But I guess none of the AS_paths will successfully finish until the end, because the route-map evaluates routes line by line.
So scratch the previous idea...
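To show why the ISP's access-list fires when only one of the three ASNs is reachable, and why the continue-based route-map above can never fire, here is an added Python model of the route-map evaluation (not code from the thread or from IOS); the BGP table, the 64xxx ASNs and the prefixes are constructed, and the continue semantics are simplified.

```python
import re

# Constructed BGP table for the demo (not from the thread): prefix -> AS_PATH.
# 15169, 10310, 36752 are the ASNs from the ISP's ACL; the rest are placeholders.
BGP_TABLE = {
    "192.0.2.0/24":    [64501, 15169],         # reaches AS 15169 only
    "198.51.100.0/24": [64501, 64502, 10310],  # reaches AS 10310 only
    "203.0.113.0/24":  [64501, 64502],         # reaches none of the three
}

def ios_regex(pattern):
    """IOS as-path regex: '_' matches a space or the start/end of the path."""
    return re.compile(pattern.replace("_", r"(?:^|\s|$)"))

def acl_permits(acl, path):
    """as-path access-list: first matching entry decides, implicit deny at end."""
    path_str = " ".join(map(str, path))
    for action, pattern in acl:
        if ios_regex(pattern).search(path_str):
            return action == "permit"
    return False

def route_map_permits(route_map, acls, path):
    """Simplified route-map evaluation for ONE route: a non-matching sequence
    falls through to the next, 'continue N' jumps to N, end = implicit deny."""
    seqs = sorted(route_map, key=lambda s: s["seq"])
    i = 0
    while i < len(seqs):
        s = seqs[i]
        if s["acl"] is not None and not acl_permits(acls[s["acl"]], path):
            i += 1
            continue
        if s["action"] == "deny" or s["continue"] is None:
            return s["action"] == "permit"
        i = [t["seq"] for t in seqs].index(s["continue"])
    return False

def default_originated(route_map, acls, table=BGP_TABLE):
    """default-originate route-map X: the default is sent if ANY route matches."""
    return any(route_map_permits(route_map, acls, p) for p in table.values())

# ISP config from the thread: one ACL with three entries = OR across the ASNs.
ISP_ACLS = {140: [("permit", "_15169_[0-9]*$"), ("permit", "_10310_[0-9]*$"),
                  ("permit", "_36752_[0-9]*$")]}
ISP_MAP = [{"seq": 10, "action": "permit", "acl": 140, "continue": None}]
# Continue-based route-map from the thread: still applied to each route on its
# own, and no single route's AS_PATH can end in all three ASNs at once.
AND_ACLS = {140: [("permit", "_15169$")], 141: [("permit", "_10310$")],
            142: [("permit", "_36752$")]}
AND_MAP = [{"seq": 10, "action": "permit", "acl": 140, "continue": 20},
           {"seq": 15, "action": "deny", "acl": None, "continue": None},
           {"seq": 20, "action": "permit", "acl": 141, "continue": 30},
           {"seq": 25, "action": "deny", "acl": None, "continue": None},
           {"seq": 30, "action": "permit", "acl": 142, "continue": None}]
```

Calling default_originated(ISP_MAP, ISP_ACLS) returns True with only the 15169 route present, while default_originated(AND_MAP, AND_ACLS) returns False for every table, which is the failure described in the post above.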
06-27-2007 05:03 AM
What do you mean that none of the AS_Path will successfully finish until the end?
I think your route-map is better than the one submitted to us by the ISP.
-John
06-27-2007 05:25 AM
Hi Mohammed Mahmoud,
About your post, it seems that it will execute a preemption on the HSRP if the host does not reply to an ICMP. What about triggering a static route when the host does not respond? So it can route to another ISP if the host does not respond. I know BGP is the best way to implement this regarding lost routes and triggering a reroute. However, how can we implement this without using BGP, by tracking the latency on one ISP?
-John