BGP AS-PATH PROBLEM

Mar 21st, 2008

I am trying to have all incoming traffic in from one ISP and the other as the failover. I have all going out fine but incoming always uses the backup ISP which is a slower speed. What is missing?


router bgp 99999
 no synchronization
 bgp log-neighbor-changes
 bgp dampening
 network x.x.x.0
 neighbor 69.xx.xx.xx remote-as 1111
 neighbor 69.xx.xx.xx ebgp-multihop 3
 neighbor 69.xx.xx.xx timers 10 30
 neighbor 69.xx.xx.xx filter-list 2 in
 neighbor 69.xx.xx.xx filter-list 3 out
 neighbor 69.xx.xx.xx weight 2000
 neighbor 144.xx.xx.xx remote-as 2222
 neighbor 144.xx.xx.xx description Backup ISP
 neighbor 144.xx.xx.xx timers 10 30
 neighbor 144.xx.xx.xx route-map prepend out
 neighbor 144.xx.xx.xx filter-list 1 in
 neighbor 144.xx.xx.xx filter-list 3 out
 neighbor 144.xx.xx.xx weight 100
 no auto-summary

ip as-path access-list 1 permit ^2222_[0-9]*$
ip as-path access-list 2 permit ^1111_[0-9]*$
ip as-path access-list 3 permit ^$

route-map prepend permit 10
 set as-path prepend 99999 99999 99999

Danilo Dy Fri, 03/21/2008 - 14:12

Hi,


Prepending will not totally eliminate the incoming traffic from backup ISP. The "best" it can do is to minimize the incoming traffic from backup ISP by making this path longer.


Try advertising your network with longer prefix to primary ISP and to backup ISP using shorter prefix. For example, if your network is /24, advertise it to primary ISP as 2 x /25 and to backup ISP as /24.


Regards,

Dandy


Harold Ritter Fri, 03/21/2008 - 15:08
User Badges:
  • Cisco Employee,

George,


Bear in mind that the ISP that you select as secondary will look at the prefix it receives from you with the as-path prepended and the one it receives from its peer(s) and/or transit(s) ISPs and will base his best path decision on the shortest AS PATH but more importantly on the local preference.


ISPs usually prefer routes in the following order using local preference; customer, peer and finally transit routes. This is probably why you are seeing some traffic coming from your secondary ISP. Some providers allow their customers to send them specific community attributes to change the local preference they assign to their routes. This could be one way to make sure that the secondary ISP will only be used in failover scenario.


Check with your ISP to find out if they will let you influence the local preference they assign to your routes.


The other way to make sure the traffic always comes via the primary (except in case of failover) is to use BGP conditional advertisement. For more information on this feature, refer to the following link:


http://www.cisco.com/warp/public/459/cond_adv.html


Regards,
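
The point made in the reply above, that the backup ISP compares local preference before AS-path length, shown as an added example (not part of the original thread and not Cisco code). The local-preference values and the assumption that AS 2222 also hears the prefix from AS 1111 as a peer are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed policy for the backup ISP (AS 2222): customer > peer > transit.
# Real values differ per provider; only the ordering matters here.
LOCAL_PREF = {"customer": 200, "peer": 100, "transit": 50}

@dataclass(frozen=True)
class Route:
    as_path: Tuple[int, ...]          # AS path as received, nearest AS first
    learned_from: str                 # "customer", "peer" or "transit"
    local_pref: Optional[int] = None  # override, e.g. set manually by the ISP

    def pref(self) -> int:
        if self.local_pref is None:
            return LOCAL_PREF[self.learned_from]
        return self.local_pref

def best_path(routes):
    """Only the two steps discussed in the thread: highest local
    preference wins, AS-path length is the tie-breaker after that."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.pref(), len(r.as_path)))

# What AS 2222 sees for the customer's prefix.
# Direct session: origin AS 99999 plus the three prepends from the route-map.
DIRECT = Route((99999, 99999, 99999, 99999), "customer")
# Same prefix heard via the primary ISP (assumed to be a peer of AS 2222).
VIA_PRIMARY = Route((1111, 99999), "peer")

def scenarios():
    # Hypothetical value 80: any value below the peer preference works.
    lowered = replace(DIRECT, local_pref=80)
    return {
        # Prepending alone: the longer customer path still wins on local pref.
        "prepend_only": best_path([DIRECT, VIA_PRIMARY]),
        # ISP lowers local pref for the customer route: peer path wins.
        "local_pref_lowered": best_path([lowered, VIA_PRIMARY]),
        # Primary fails, the peer path is withdrawn: the backup is used.
        "primary_down": best_path([lowered]),
    }

if __name__ == "__main__":
    for name, route in scenarios().items():
        print(f"{name:20} -> {route.learned_from:8} path {route.as_path}")
```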

marikakis Sat, 03/22/2008 - 14:16

Great advice from Harold as usual :-)

fortis123 Fri, 03/28/2008 - 13:08

Hi Harold,


Local preference point is perfect. In fact I have to work on the same scenario: 2 ISPs, 2 customer rtrs. I am planning to go with HSRP on LAN end of the rtrs. So, still the best choice to choose perfect primary & backup path is to use communities to affect backup ISP (preferably) local preference rather than AS-path prepend.

Is that correct..?


please suggest.


Thank you in advance.

MS

Harold Ritter Sat, 03/29/2008 - 08:35
User Badges:
  • Cisco Employee,

Mehboob,


The method of signalling the local preference to your ISP is usually used in conjunction with the as-path prepend.


So on the backup ISP you would prepend your own AS a couple of times (as needed) and you would also send a community to the ISP to indicate that you want it to prefer any routes received either from a peer or transit.


Once again, the conditional advertisement is the only technique that will absolutely make sure that the backup ISP is only used in case of a failure of the primary.


Regards,

fortis123 Sat, 03/29/2008 - 11:05

Hi Harold,

Thank you for your suggestion and time. So based on the below configs... (considering 1.1.1.0/24 is our own RIPE assigned public space...)


RTR-A: 10MB Fast Ether to ISP-A

router bgp 42460
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 network 10.10.10.4 mask 255.255.255.224
 neighbor 213.10.96.48 remote-as 21530
 neighbor 213.10.96.48 ebgp-multihop 255
 neighbor 213.10.96.48 remove-private-as
 neighbor 213.10.96.48 soft-reconfiguration inbound
 neighbor 213.10.96.48 distribute-list 15 out
 neighbor 213.10.96.49 remote-as 21530
 neighbor 213.10.96.49 ebgp-multihop 255
 neighbor 213.10.96.49 remove-private-as
 neighbor 213.10.96.49 soft-reconfiguration inbound
 neighbor 213.10.96.49 distribute-list 15 out
 no auto-summary
!
interface FastEthernet0/1
 description LAN
 ip address 1.1.1.2 255.255.255.0
 standby 10 ip 1.1.1.1
 standby 10 preempt delay minimum 60
 standby 10 priority 155
 standby 10 track FastEthernet0/0
!

distribute-list 15 : has ACL permits 1.1.1.0/24 and other /28 range to ISP-A

-----------------------------------

ISP-B : 2MB via Serial0/0

router bgp 42460
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 229.23.50.157 remote-as 6466
 neighbor 229.23.50.157 next-hop-self
 neighbor 229.23.50.157 soft-reconfiguration inbound
 neighbor 229.23.50.157 route-map set-as-path out
!
ip prefix-list ISP-B seq 10 permit 1.1.1.0/24
ip prefix-list ISP-B seq 20 deny 0.0.0.0/0 le 32
!
route-map set-as-path permit 10
 match ip address prefix-list ISP-B
 set as-path prepend 42460 42460 42460 42460 42460
!
interface FastEthernet0/1
 description LAN
 ip address 1.1.1.3 255.255.255.0
 standby 10 ip 1.1.1.1
 standby 10 preempt
 standby 10 priority 150

______________________________________


To make ISP-B strict backup, I also have to use community (send out) to ISP-B to prefer routes from my peer only rather than from other peer/transit. (I noted you prefer conditional advertisement, but could not find an example with dual local rtrs/dual ISPs.)


Also, as rtrs are residing outside of firewall and not communicating with any internal IGP (in LAN), do I still need IBGP between these routers..? Or are the configs I mentioned sufficient..?


Please suggest.

Thank you in advance

MS


Harold Ritter Sat, 03/29/2008 - 12:33
User Badges:
  • Cisco Employee,

Hi Mehboob,


Yes, you would indeed need to send a special community to ISP-B and add the command "neighbor send-community". You first need to talk to ISP-B to see whether they offer the community to local-preference mapping service and what community you need to use if they do.


As for conditional advertisement, it is possible to configure it with two routers. It requires iBGP between the two routers so that the backup can be informed that a given route to the Internet is not available anymore via the primary provider and then start advertising the local prefix(es) to the Internet.


Regards,

Harold Ritter Sat, 03/29/2008 - 12:39
User Badges:
  • Cisco Employee,

Mehboob,


I forgot to answer your second question. In a primary/backup scenario, you do not necessarily need to run iBGP between the two routers.


Regards,

fortis123 Sat, 03/29/2008 - 13:43

Hi Harold,


Thank you for your quick reply and valuable suggestions. I will definitely get in touch with ISP-B for community information to adjust local preference (in this case I believe ISP-B needs to lower local pref for routes from my rtr).


Also, in fact, I did a test last week with the same scenario (AS Path but no community & no IBGP) with one exception..


ISP-A rtr: 'no synchronization'


ISP-B rtr: synchronization


So even if I connect a laptop directly to the switch where these 2 rtrs' LAN i/f connect, when HSRP rollover happens, it took 4-5 mins to go to internet via ISP-B (no carrier issues at that time). So is 'synchronization' (enabled on one and disabled on another) causing the issue..?


Please suggest...


Thank you

Mehboob



fortis123 Mon, 03/31/2008 - 09:54

Hi Harold / any BGP Gurus,


Any suggestions on the above..?


Thank you

MS

Harold Ritter Mon, 03/31/2008 - 10:47
User Badges:
  • Cisco Employee,

Mehboob,


The synchronization has nothing to do with it. Was the 4-5 minute related to link failure detection? What kind of link failure was it? How is your HSRP configured to fail over? Just link down?


Regards,

fortis123 Mon, 03/31/2008 - 11:59

The 4-5 min delay is to route the traffic via the secondary ISP (ISP-B). Link failure and HSRP takeover are happening with no issues. HSRP is configured to fail over on priority basis and tracking the public interface on the ISP-A connected rtr.


The config is very similar to the one I posted here (above), and both routers' LAN ports and the laptop port are configured in the same VLAN on the external switch.


Thank you

MS

Harold Ritter Mon, 03/31/2008 - 12:26
User Badges:
  • Cisco Employee,

Mehboob,


You should check if the advertised routes from your router connected to ISP-B are seen on the Internet. You can do that using an Internet looking glass.


The other possibility is that your ISP is using BGP route dampening, which would potentially penalize your route(s).


Regards,

fortis123 Wed, 04/02/2008 - 08:41

I am still waiting on my query from ISP with regard to route dampening. But ISP-B (backup) does not support communities... his reply..


"we are not currently offering community strings for BGP attributes. But if you want we can manually reduce the local preference of your prefixes on our access router."


Is it recommended to go with manually reduced local pref on ISP end..?

Or work with ISP-A to advertise /25 & /25 instead of /24..?


Please advise.


Thank you

MS


fortis123 Wed, 04/02/2008 - 08:59

Hi,


My apologies about the Route Dampening update. You are mentioning Route Dampening from ISP-A (primary end).. is that correct...?


Because on ISP-B end, we never bring down the link. Only on ISP-A end, for testing HSRP, we pull the cable on the router public interface. So ISP-A may be seeing the route failure, but I believe they are not dampening any routes, as when we put back the ISP-A cable, we have no issues in going online.


The only issue we have is... when I try to make ISP-B the Active router (by pulling ISP-A public i/f cable), then it's taking 5-7 mins for the internet browsing to occur, even though ISP-B rtr takes the 'Active' role.


At this time, I think if IBGP is not needed between 2peers, then 'Synchronization' might be causing the issue.. not 100% sure though...


Any suggestions are appreciated.


Thank you in advance

MS

Harold Ritter Thu, 04/03/2008 - 09:27
User Badges:
  • Cisco Employee,

Mehboob,


I was referring to BGP dampening on the back up ISP (ISP B). If this provider does use dampening, it could somehow cause the behavior you have seen.


Regards,

Harold Ritter Wed, 04/02/2008 - 10:35
User Badges:
  • Cisco Employee,

Mehboob,


The manual configuration of the local preference would do the job.


The issue with advertising a /25 to ISP A is that most SPs on the Internet will filter out prefixes /25 or longer. ISP A might accept it but its upstream might not.


Regards,

fortis123 Thu, 04/03/2008 - 13:52

Hi Harold,


Thank you very much for your information. Will update you after the test. It might take a few days..:-)


Thank you

MS


gjohnson1963 Fri, 04/11/2008 - 12:46

Question

One provider is sending partial routes the other sending default routes.

1. Is this a problem?

2. What would be the best option , both default or both partial .(Hardware 3640 128 meg )


Harold Ritter Fri, 04/11/2008 - 13:59
User Badges:
  • Cisco Employee,

George,



1. You may just end up sending more traffic on through the provider sending the partial. Not a problem if you do not reach the link capacity.


2. It depends on the providers but some of them will send you lots of routes even if they just send you partial routes. This could be a problem given that you only have 128MB of memory on this box. It also depends on what you are trying to achieve. Default from both providers may be just fine.


Regards,
