08-11-2008 08:47 AM - edited 03-03-2019 11:06 PM
Hello BGP Gurus,
I have a client with 2 ISPs/dual routers. ISP-A: 10Meg & ISP-B: T1.
The local public AS is advertised to ISP-A & ISP-B (with ISP-B via AS-prepend). Traffic is still using ISP-B for coming into the network. This is understandable, as the AS-prepend will not 100% give real control over the incoming traffic. What is the best way to make sure only ISP-A is used for incoming/outgoing? ISP-B does not support communities. Any way without involving carriers?
Please see the configs below:
ISP-A / PRIMARY
interface FastEthernet0/0
 description :LAN
 ip address 60.9.12.3 255.255.255.0
 standby 10 ip 60.9.12.1
 standby 10 priority 155
 standby 10 preempt delay minimum 60
 standby 10 track FastEthernet0/1
!
interface FastEthernet0/1
 description :TO_ISP-A_10Meg
 ip address 87.27.9.102 255.255.255.252
 speed 100
 full-duplex
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 area 884 stub no-summary
 network 60.9.12.0 0.0.0.255 area 884
 network 87.27.9.100 0.0.0.3 area 884
 network 87.27.12.96 0.0.0.31 area 884
!
router bgp 4241
 no synchronization
 bgp log-neighbor-changes
 network 60.9.12.0 mask 255.255.255.0
 network 87.27.12.96 mask 255.255.255.224
 neighbor 60.9.12.2 remote-as 4241
 neighbor 60.9.12.2 next-hop-self
 neighbor 21.10.6.48 remote-as 2052
 neighbor 21.10.6.48 ebgp-multihop 255
 neighbor 21.10.6.48 timers 10 30
 neighbor 21.10.6.48 remove-private-as
 neighbor 21.10.6.48 soft-reconfiguration inbound
 neighbor 21.10.6.48 distribute-list 15 out
 neighbor 21.10.6.49 remote-as 2052
 neighbor 21.10.6.49 ebgp-multihop 255
 neighbor 21.10.6.49 timers 10 30
 neighbor 21.10.6.49 remove-private-as
 neighbor 21.10.6.49 soft-reconfiguration inbound
 neighbor 21.10.6.49 distribute-list 15 out
 no auto-summary
!
access-list 15 permit 87.27.12.96 0.0.0.31
access-list 15 permit 60.9.12.0 0.0.0.255
**************************
ISP-B/BACKUP:
!
interface FastEthernet0/0
 description :LAN
 ip address 60.9.12.2 255.255.255.0
 standby 10 ip 60.9.12.1
 standby 10 priority 150
 standby 10 preempt
!
interface Serial0/2/0
 description :ISP_BACKUP- T1
 ip address 21.23.53.18 255.255.255.252
!
router bgp 4241
 no synchronization
 bgp log-neighbor-changes
 network 60.9.12.0 mask 255.255.255.0
 neighbor 60.9.12.3 remote-as 4241
 neighbor 60.9.12.3 next-hop-self
 neighbor 213.253.53.157 remote-as 842
 neighbor 21.23.53.17 next-hop-self
 neighbor 21.23.53.17 soft-reconfiguration inbound
 neighbor 21.23.53.17 route-map SET-AS-PATH out
 no auto-summary
!
ip prefix-list TO_ISP-B seq 5 permit 195.35.104.0/27
ip prefix-list TO_ISP-B seq 10 permit 60.9.12.0/24
ip prefix-list TO_ISP-B seq 20 deny 0.0.0.0/0 le 32
!
route-map SET-AS-PATH permit 10
 match ip address prefix-list TO_ISP-B
 set as-path prepend 4241 4241 4241 4241 4241
!
Thank you in advance
MS
08-11-2008 09:10 AM
No good way to do this. As you have found, AS-path only partially works.
Only way to make sure it works is to not tell the secondary ISP until you really want him to use it.
You can conditionally advertise the routes to the second ISP based on the availability of the first. Now, what you actually monitor to determine when you allow the routes is the tricky part. Obviously if you lose connectivity to the first ISP, but you also need to look at cases where you can see the ISP but there is little or no connectivity past.
The main disadvantage to doing this is you have delays in the time it takes to detect the outage and then propagate your routes via the second ISP.
08-11-2008 09:31 AM
Hi Tim,
Thank you for your quick reply. I agree about the delays while using the 'Conditional advt' feature, and that's the reason I do not want to go with that choice.
Also, with the existing BGP & HSRP configs, in case I use 'Conditional Advt', can you please tell me what the approximate delay would be in case the primary routes are not available?
Can you please provide more insight on your statement:
"Only way to make sure it works is to not tell the secondary ISP until you really want him to use it"?
Not to advertise our AS to the outside world? If that is the case, what happens when my primary goes down? Do I need to call ISP-B and request changes to allow the AS?
Please suggest.
Thank you
MS
08-11-2008 10:11 AM
You would still have your neighbor with the secondary isp up and it would know your AS number you just would send him no routes. As far as he knows the prefixes you are advertising are down.
The delay is hard to say. Since your main ISP is on an Ethernet port and these tend to be up/up even when you lose the network, you will be dependent on the BGP timeout, which is 3 minutes in most cases. So it will take 3 minutes to detect the outage and then you will start to send the route to the second ISP. Hard to say how long it takes to propagate a route through the internet, a couple of minutes.
This is a good example that shows how conditional advertisement works:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml
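A sketch of the conditional advertisement described in the reply above, applied to the ISP-B router from the first post (an added example, not part of the original thread and not copied from the linked Cisco document). The route-map names, access-list numbers 60 and 65, and the watched prefix 192.0.2.0/24 are assumptions for illustration; the neighbor address, AS number and LAN prefix are the ones in the posted configuration.

```cisco
! ISP-B / BACKUP router
!
! Prefix to announce to ISP-B only while ISP-A is considered down
! (the LAN prefix from the posted config).
access-list 60 permit 60.9.12.0 0.0.0.255
!
! Prefix whose presence in the BGP table means "ISP-A is healthy".
! 192.0.2.0/24 is a constructed placeholder. Pick a route that reaches
! this router only through ISP-A (via the iBGP session to 60.9.12.3).
! If ISP-B also sends that prefix, it never disappears from the table
! and the condition never fires, so filter it inbound from ISP-B or
! choose a different prefix.
access-list 65 permit 192.0.2.0 0.0.0.255
!
route-map ADVERTISE-TO-ISP-B permit 10
 match ip address 60
!
route-map ISP-A-ALIVE permit 10
 match ip address 65
!
router bgp 4241
 ! Announce what ADVERTISE-TO-ISP-B matches only when nothing matched
 ! by ISP-A-ALIVE exists in the BGP table; withdraw it again once the
 ! watched prefix returns.
 neighbor 21.23.53.17 advertise-map ADVERTISE-TO-ISP-B non-exist-map ISP-A-ALIVE
!
! Verification from exec mode:
!   show ip bgp 192.0.2.0
!     (is the watched prefix currently present?)
!   show ip bgp neighbors 21.23.53.17 advertised-routes
!     (60.9.12.0/24 should be listed only while the watched prefix is absent)
```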
08-11-2008 10:49 AM
Thank you. I have this link and tested this a few weeks back. But even with the BGP timers set to (5 15 and), the propagation and learning delays were not encouraging. So I am looking for other options.
Also, can you please provide more insight on your statement:
"Only way to make sure it works is to not tell the secondary ISP until you really want him to use it"?
Thank you
MS
08-11-2008 11:01 AM
I put that statement in case you didn't know what conditional advertisement was. The only other option is community, which your ISP does not support.
I really don't know of another way; in most cases I just live with the traffic that as-path prepend does not prevent.