Little BGP help please

campbech1 · ‎10-14-2008

We currently have two ISPs that we BGP peer with and before this last weekend this wasn't an issue.

This past weekend we swapped our primary and secondary ISPs. We also changed from VRRP to HSRP (not an issue).

I thought I configured the routers properly but I either missed a step or have something configured wrong.

Here is what I'm trying to do:

Primary ISP will be just that, our primary ISP. 100% of traffic needs to move across this connection with our secondary connection sitting idle just waiting for us to failover to it.

BGP with our both of our ISPs is established. The issue we seem to be having though is that we are getting inbound and outbound traffic on our primary ISP but we are also getting inbound traffic on our secondary ISP but no outbound. We need to have ALL traffic come in and out the primary ISP.

Here is a stripped config:

Primary router:

router bgp 40xxx

no synchronization

bgp log-neighbor-changes

network 198.108.x.x mask 255.255.254.0

neighbor 67.38.x.x remote-as 71xx

neighbor 67.38.x.x description Bronson (40xxx) to SBC (71xx) eBGP

neighbor 67.38.x.x password 7 1427414A1B110xxxxx

neighbor 67.38.x.x update-source FastEthernet0/1

neighbor 67.38.x.x version 4

neighbor 67.38.x.x send-community

neighbor 67.38.x.x soft-reconfiguration inbound

neighbor 67.38.x.x prefix-list Bronson-to-SBC out

neighbor 67.38.x.x route-map Bronson-to-SBC in

no auto-summary

ip prefix-list Bronson-Merit seq 5 permit 198.108.x.x/23

route-map Bronson-to-SBC permit 10

match ip address prefix-list Bronson-Merit

set local-preference 110

set community 467409418

!

Secondary router:

router bgp 40xxx

no synchronization

bgp log-neighbor-changes

network 198.108.x.x mask 255.255.254.0

neighbor 198.108.x.x remote-as 2xx

neighbor 198.108.x.x description Bronson (40xxx) to Merit (2xx) eBGP

neighbor 198.108.x.x password 7 014312400B5D1xxxxx

neighbor 198.108.x.x update-source FastEthernet0/1

neighbor 198.108.x.x version 4

neighbor 198.108.x.x soft-reconfiguration inbound

neighbor 198.108.x.x prefix-list Bronson-Merit out

neighbor 198.108.x.x route-map MeritIn in

no auto-summary

ip prefix-list Bronson-Merit seq 5 permit 198.108.x.x/23

route-map MeritIn permit 10

match ip address prefix-list Bronson-Merit

set local-preference 90

set as-path prepend 40xxx 40xxx 40xxx 40xxx 40xxx 40xxx

Not sure what else needs to be done. I have stressed myself out for the past few nights and its time to ask for a little help.

Thanks in advance.

Giuseppe Larosa · ‎10-14-2008

Hello Chris,

you should do AS path prepend out to secondary ISP and not inbound:

neighbor 198.108.x.x prefix-list Bronson-Merit out

>>neighbor 198.108.x.x route-map MeritIn in

should become:

neighbor 198.108.x.x route-map MeritIn out

this could help to minimize inbound traffic from secondary ISP but you cannot have a zero inbound from secondary ISP unless you use BGP conditional advertising (you advertise your networks to secondary ISP only if some BGP route coming from primary ISP is missing indicating primary eBGP session has failed)

Hope to help

Giuseppe

rais · ‎10-14-2008

Yes the problem is your as-path prepends as indicated by Giuseppe.

Thanks.

campbech1 · ‎10-14-2008

Thanks guys. I have changed the line to read:

neighbor 198.108.x.x route-map MeritIn out

Do I need to issue any other commands for this to take effect?

Jon Marshall · ‎10-14-2008

clear ip bgp 198.108.x.x soft out

Jon