03-15-2009 05:55 AM - edited 03-04-2019 03:56 AM
I am getting full Internet routes from ISP-1 and just a default route from ISP-2. (Both ISP connections are terminated on the one central site router.) What I am trying to do is make the ISP-2 connection a complete backup for inbound traffic. To achieve that, I am trying to use a BGP conditional advertisement configuration. I have a problem with the NON-EXIST route map's access list. In the NON-EXIST route map I am using the commands written below:
! ISP-1 AS number
ip as-path access-list 1 permit ^200
! permit any packet from ISP-2
access-list 65 permit any
! this matches any route from AS200
route-map NON-EXIST permit 10
 match ip address 65
 match as-path 1
! My AS number
router bgp 10
 ! X.Y.Z.W is the ISP-2 IP address.
 ! What it says. This router will only advertise "networks defined in the
 ! route-map named ADVERTISE" if and only if "routes that are defined in the
 ! route-map named NON-EXISTS" do not appear in the BGP routing table.
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST
With this configuration, when the ISP-1 connection is up, my router still advertises my subnet to ISP-2. What should I write in access-list 65 so that my subnet is not advertised to ISP-2 until the ISP-1 connection fails? (As I said, I am getting the full Internet table from ISP-1.)
Kind Regards...
03-15-2009 06:33 AM
03-15-2009 06:55 AM
In the attached router's configuration, the
access-list 65 permit 172.16.1.0 0.0.0.255
command is used, and with this command BGP conditional advertisement is working fine.
But when I use the
access-list 65 permit any
command, the conditional advertisement doesn't work.
03-15-2009 03:20 PM
Hi,
"The prefix tracked by the BGP speaker must be present in the IP routing table for the conditional advertisement not to take place."
see http://www.cisco.com/en/US/docs/ios/12_0/np1/command/reference/1rbgp.html
I'm afraid this is not fulfilled if you put ip permit any in your access-list 65.
You need to choose a particular prefix to track.
BR,
Milan
03-15-2009 04:06 PM
Burak,
As Milan indicated, you need to track on a specific route for conditional to work. My suggestion would be to change ISP1 to only receive the default, which is sufficient as you want to implement a primary and backup scenario. You can then set the non-existent map to track the default route and as-path coming from ISP1, which should give you what you need. Receiving the full routing table from ISP1 does not add any value in your scenario and does consume way more memory.
Regards
03-15-2009 04:16 PM
Sorry, I meant change ISP1 to only send the default route.
Regards
03-15-2009 05:31 PM
Hello,
In the future, it is possible to configure some filtering or some other custom configs; that's why one of the ISPs is sending full routes, and that's not going to be changed.
In this kind of setup, which prefix should I trust from ISP-1 for the NON-EXIST route-map's access-list? I have tried to use the subnet between ISP-1 and the multihoming router, but with no success.
03-15-2009 06:05 PM
Burak,
In this case, I would recommend tracking on a couple of root DNS subnets as these are highly reliable subnets. This can be done by changing your ACL as follows:
! a.root-servers.net
access-list 20 permit 198.41.0.0 0.0.0.255
! b.root-servers.net
access-list 20 permit 192.228.79.0 0.0.0.255
! c.root-servers.net
access-list 20 permit 192.33.4.0 0.0.0.255
! d.root-servers.net
access-list 20 permit 128.8.0.0 0.0.255.255
Regards
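The pieces from the posts above assembled into one conditional-advertisement configuration, as an added example that is not part of the original thread or any poster's configuration. Assumptions: 203.0.113.0/24 stands in for the local prefix, ACL 60 and the contents of route-map ADVERTISE are hypothetical, and A.B.C.D and <ISP-2-AS> are placeholders.

```cisco
! Added example. Constructed values: 203.0.113.0/24 (own prefix, documentation
! range), ACL 60, A.B.C.D (ISP-1 peer), <ISP-2-AS>. X.Y.Z.W is the thread's
! placeholder for the ISP-2 peer address.
!
! Routes whose AS path starts with AS 200 (ISP-1). The trailing "_" stops the
! pattern from also matching longer AS numbers such as 2000.
ip as-path access-list 1 permit ^200_
!
! Specific prefixes to track (taken from the reply above) instead of "permit any".
access-list 20 permit 198.41.0.0 0.0.0.255
access-list 20 permit 192.228.79.0 0.0.0.255
access-list 20 permit 192.33.4.0 0.0.0.255
access-list 20 permit 128.8.0.0 0.0.255.255
!
! Condition: a tracked prefix is present AND was learned through AS 200.
! Both match statements in one route-map entry must be true.
route-map NON-EXIST permit 10
 match ip address 20
 match as-path 1
!
! Own prefix, announced to ISP-2 only while the condition above is NOT met.
access-list 60 permit 203.0.113.0 0.0.0.255
route-map ADVERTISE permit 10
 match ip address 60
!
router bgp 10
 ! The advertised prefix must itself be in the BGP table.
 network 203.0.113.0 mask 255.255.255.0
 neighbor A.B.C.D remote-as 200
 neighbor X.Y.Z.W remote-as <ISP-2-AS>
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST
```

With ISP-1 up, `show ip bgp neighbors X.Y.Z.W advertised-routes` should not list the local prefix; it should appear only after the tracked routes from AS 200 are gone. Because the tracked prefixes belong to third parties, list more than one so that a single upstream renumbering or withdrawal does not trigger the backup announcement.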
03-16-2009 12:29 AM
Hi Harold,
I am going to try your recommendation. Kind Regards...
Burak Dikici