BGP path Selection implementation

Aug 11th, 2008

Hello BGP Gurus,


I have a client with 2 ISPs/dual routers. ISP-A: 10Meg & ISP-B: T1


Local public AS is advertised to ISP-A & ISP-B (with ISP-B: via AS-Prepend). Traffic is still using ISP-B for coming into the network. This is understandable, as the AS-prepend will not 100% give real control on the incoming traffic. What is the best way to make sure only ISP-A is used for incoming/outgoing? ISP-B does not support communities. Any way without involving carriers..?


Please see below the configs:


ISP-A / PRIMARY


    interface FastEthernet0/0
     description :LAN
     ip address 60.9.12.3 255.255.255.0
     standby 10 ip 60.9.12.1
     standby 10 priority 155
     standby 10 preempt delay minimum 60
     standby 10 track FastEthernet0/1
    !
    interface FastEthernet0/1
     description :TO_ISP-A_10Meg
     ip address 87.27.9.102 255.255.255.252
     speed 100
     full-duplex
     no cdp enable
    !
    router ospf 1
     log-adjacency-changes
     area 884 stub no-summary
     network 60.9.12.0 0.0.0.255 area 884
     network 87.27.9.100 0.0.0.3 area 884
     network 87.27.12.96 0.0.0.31 area 884
    !
    router bgp 4241
     no synchronization
     bgp log-neighbor-changes
     network 60.9.12.0 mask 255.255.255.0
     network 87.27.12.96 mask 255.255.255.224
     neighbor 60.9.12.2 remote-as 4241
     neighbor 60.9.12.2 next-hop-self
     neighbor 21.10.6.48 remote-as 2052
     neighbor 21.10.6.48 ebgp-multihop 255
     neighbor 21.10.6.48 timers 10 30
     neighbor 21.10.6.48 remove-private-as
     neighbor 21.10.6.48 soft-reconfiguration inbound
     neighbor 21.10.6.48 distribute-list 15 out
     neighbor 21.10.6.49 remote-as 2052
     neighbor 21.10.6.49 ebgp-multihop 255
     neighbor 21.10.6.49 timers 10 30
     neighbor 21.10.6.49 remove-private-as
     neighbor 21.10.6.49 soft-reconfiguration inbound
     neighbor 21.10.6.49 distribute-list 15 out
     no auto-summary
    !
    access-list 15 permit 87.27.12.96 0.0.0.31
    access-list 15 permit 60.9.12.0 0.0.0.255

**************************


ISP-B/BACKUP:


    !
    interface FastEthernet0/0
     description :LAN
     ip address 60.9.12.2 255.255.255.0
     standby 10 ip 60.9.12.1
     standby 10 priority 150
     standby 10 preempt
    !
    interface Serial0/2/0
     description :ISP_BACKUP- T1
     ip address 21.23.53.18 255.255.255.252
    !
    router bgp 4241
     no synchronization
     bgp log-neighbor-changes
     network 60.9.12.0 mask 255.255.255.0
     neighbor 60.9.12.3 remote-as 4241
     neighbor 60.9.12.3 next-hop-self
     neighbor 213.253.53.157 remote-as 842
     neighbor 21.23.53.17 next-hop-self
     neighbor 21.23.53.17 soft-reconfiguration inbound
     neighbor 21.23.53.17 route-map SET-AS-PATH out
     no auto-summary
    !
    ip prefix-list TO_ISP-B seq 5 permit 195.35.104.0/27
    ip prefix-list TO_ISP-B seq 10 permit 60.9.12.0/24
    ip prefix-list TO_ISP-B seq 20 deny 0.0.0.0/0 le 32
    !
    route-map SET-AS-PATH permit 10
     match ip address prefix-list TO_ISP-B
     set as-path prepend 4241 4241 4241 4241 4241
    !



Thank you in advance

MS

tdrais Mon, 08/11/2008 - 09:10

No good way to do this. As you have found AS-path only partially works.


Only way to make sure it works is to not tell the secondary ISP until you really want him to use it.


You can conditionally advertise the routes to the second ISP based on the availability of the first. Now what you actually monitor to determine when you allow the routes is the tricky part. Obviously if you lose connectivity to the first ISP, but you also need to look at cases where you can see the ISP but there is little or no connectivity past.


The main disadvantage to doing this is you have delays in the time it takes to detect the outage and then propagate your routes via the second ISP.

fortis123 Mon, 08/11/2008 - 09:31
Hi Tim,


Thank you for your quick reply. I agree about the delays while using the 'Conditional advt' feature, and that's the reason I do not want to go with that choice.


Also, with the existing BGP & HSRP configs, in case I use 'Conditional Advt', can you please tell me what the approx delay would be in case the primary routes are not available..?


Can you please provide more insight on your statement..


"Only way to make sure it works is to not tell the secondary ISP until you really want him to use it".?


Not to advertise our AS to the outside world..? If that is the case, what happens when my primary goes down..? I need to call ISP-B and request changes to allow the AS..?


Please suggest.


Thank you

MS



tdrais Mon, 08/11/2008 - 10:11

You would still have your neighbor with the secondary ISP up and it would know your AS number; you just would send him no routes. As far as he knows, the prefixes you are advertising are down.


The delay is hard to say. Since your main ISP is on an Ethernet port and these tend to be up/up even when you lose the network, you will be dependent on the BGP timeout, which is 3 minutes in most cases. So it will take 3 minutes to detect the outage and then you will start to send the route to the second ISP. Hard to say how long it takes to propagate a route through the Internet, a couple of minutes.


This is a good example that shows how conditional advertisement works:


http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml
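
The conditional advertisement discussed above, sketched for the backup router in this thread (an added example, not part of any post and not tested against the poster's network). It assumes the ISP-B eBGP peer is 21.23.53.17, that 192.0.2.0/24 stands in for a prefix the backup router learns only through ISP-A, and that ACL numbers 60 and 65 and both route-map names are unused:

```cisco
! Backup router (ISP-B side). Added example; ACL numbers and
! route-map names are hypothetical.
!
! Prefix to announce to ISP-B only while the primary path is down
access-list 60 permit 60.9.12.0 0.0.0.255
!
! Placeholder: a prefix that is in the BGP table only while ISP-A is
! usable (learned over iBGP from 60.9.12.3). 192.0.2.0/24 is a stand-in.
access-list 65 permit 192.0.2.0 0.0.0.255
!
route-map ADVERTISE-LOCAL permit 10
 match ip address 60
!
route-map ISP-A-ALIVE permit 10
 match ip address 65
!
! Routes matching ADVERTISE-LOCAL are sent to ISP-B only when no route
! in the BGP table matches ISP-A-ALIVE.
router bgp 4241
 neighbor 21.23.53.17 advertise-map ADVERTISE-LOCAL non-exist-map ISP-A-ALIVE
!
! Check what is currently being sent to ISP-B:
!  show ip bgp neighbors 21.23.53.17 advertised-routes
```

Watching a prefix that originates beyond ISP-A's edge, rather than the directly connected link, covers the case raised in the thread where the ISP is still visible but has little or no connectivity past it.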

fortis123 Mon, 08/11/2008 - 10:49

Thank you. I have this link and tested this a few weeks back. But even with the BGP timers set to (5 15 and), the propagation and learning delays were not encouraging. So I am looking for other options.


Also, Can you please provide more insight on your statement..


"Only way to make sure it works is to not tell the secondary ISP until you really want him to use it".?



Thank you

MS

tdrais Mon, 08/11/2008 - 11:01

I put that statement in case you didn't know what conditional advertisement was. The only other option is community which your ISP does not support.


I really don't know of another way, in most cases I just live with the traffic that as-path prepend does not prevent.

