BGP issue upload is going through one router but download across the other

Answered Question
Mar 27th, 2009

Hi everybody,


I have two Cisco 7513s connected to our ISP via BGP.


Router 1's IP is x.x.x.2

Router 2's IP is x.x.x.3


Our ISP's IP is x.x.x.1.


Both routers are connected to the ISP IP.

The weight on Router 1's BGP is set to 120 for while Router 2's is default.


All traffic (incoming/outgoing)would go thru Rtr 1 and would subsequently failover to Rtr 2 during any incident.


After an incident earlier this week, Rtr 2's link to ISP was disconnected and a few minutes later, the same thing happened to Rtr 1. When everything went back to normal, I found that all outbound traffic to ISP is going through Rtr 1 whereas all inbound traffic is coming from Rtr 2.


I tried shutting Rtr 2's ISP connection hoping traffic would go to Rtr 1 but that caused all inbound traffic to drop. I'm really not sure where to look to solve this problem but I'm sure a few heads are better than one to figure this out.


Thanks!

Correct Answer by Giuseppe Larosa about 7 years 11 months ago

Hello Muhammad,

if you want to try to influence the inbound path chosen by ISP router you should use the MED:


R1 has to send out prefixes with a lower MED

R2 has to send out prefixes with an higher MED


use

route-map set_med_r1 permit 10

match ip address filter_private_ip

set metric 50


R1:

no neighbor x.x.x.1 distribute-list

filter_private_ip out

neighbor x.x.x.1 route-map set_med_r1 out



on R2:


route-map set_med_r2 permit 10

match ip address filter_private_ip

set metric 500


no neighbor x.x.x.1 distribute-list

filter_private_ip out

neighbor x.x.x.1 route-map set_med_r2 out


the idea is to change the outbound route filter with a route-map that for permitted routes set the metric (MED) field

lowest is preferred


Hope to help

Giuseppe


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
WabukiSensei Fri, 03/27/2009 - 00:55

Here's Rtr 1's (x.x.x.2) configs:


router bgp MY_BGP

no synchronization

bgp log-neighbor-changes

bgp graceful-restart restart-time 120

bgp graceful-restart stalepath-time 360

bgp graceful-restart

network x.x.x.0 mask 255.255.255.248

redistribute static

neighbor x.x.x.1 remote-as ISP

neighbor x.x.x.1 version 4

neighbor x.x.x.1 soft-reconfiguration

inbound

neighbor x.x.x.1 distribute-list

filter_private_ip out

neighbor x.x.x.1 route-map MetroE-inbound in

no auto-summary


This is Rtr 2's (x.x.x.3) configs:


router bgp MY_BGP

no synchronization

bgp log-neighbor-changes

bgp graceful-restart restart-time 120

bgp graceful-restart stalepath-time 360

bgp graceful-restart

network x.x.x.0 mask 255.255.255.248

redistribute static

neighbor x.x.x.1 remote-as ISP

neighbor x.x.x.1

soft-reconfiguration inbound

neighbor x.x.x.1 distribute-list

filter_private_ip out

no auto-summary

Correct Answer
Giuseppe Larosa Fri, 03/27/2009 - 01:16

Hello Muhammad,

if you want to try to influence the inbound path chosen by ISP router you should use the MED:


R1 has to send out prefixes with a lower MED

R2 has to send out prefixes with an higher MED


use

route-map set_med_r1 permit 10

match ip address filter_private_ip

set metric 50


R1:

no neighbor x.x.x.1 distribute-list

filter_private_ip out

neighbor x.x.x.1 route-map set_med_r1 out



on R2:


route-map set_med_r2 permit 10

match ip address filter_private_ip

set metric 500


no neighbor x.x.x.1 distribute-list

filter_private_ip out

neighbor x.x.x.1 route-map set_med_r2 out


the idea is to change the outbound route filter with a route-map that for permitted routes set the metric (MED) field

lowest is preferred


Hope to help

Giuseppe


WabukiSensei Fri, 03/27/2009 - 04:00

Hi Giuseppe,


Thanks for the suggestion. Is there a reason why MED is preferred over weight in this scenario? Just trying to understand why this is important.


Thanks!


Muhammad

Giuseppe Larosa Fri, 03/27/2009 - 04:17

Hello Muhammad,


weight is a local parameter never passed in BGP updates and allows to choice the outbound paths only and only on R1.


MED is instead a parameter passed on BGP updates and it is the right tool here.

It it is the ISP router that decides how inbound traffic is sent to your devices not your router.

Up to now no parameters were set and the oldest eBGP route was used.


With MED you provide an explicit mechanism to say what is your preferred ingress point for inbound traffic


Hope to help

Giuseppe


lamav Fri, 03/27/2009 - 05:27

Muhammad:


As-salameh a3laykum.


As Giuseppe pointed out, when you set the weight on R1, what you are doing is making the routes learned by R1 more preferable to your inside network.


For example, your ISP advertises a path to network 5.5.0.0/20 to both R1 and R2. By placing a higher weight on the routes learned by R1, you are making the outbound path to 5.5.0.0/20 more desirable through R1. Your BGP speakers on your network will say "R1 has the best path to the ISP. His routes have a higher weight than R2, so R1's routes are more efficient."


The truth is that the ISP advertised the same routes to both R1 and R2 with the same level of desirablility, but by placing the weight on R1, you make it look like it has a better path to the ISP and your routers will send their Internet-bound traffic to R1. So, weight is used to influence the OUTBOUND traffic from your network to the advertised network on the Internet.


But thats not what you want to do. You want to influence INBOUND traffic. You want to tell your service provider to use the link to R1, in other words to see R1 as the better path to your inside network.


So, the ISP router learns of your prefixes through R1 and R2 and then says, "hmmmm, which guy should I send traffic to?" The ISP will send traffic to whomever advertises a more desirable route to your inside networks. The way you do that is by setting the MED, otherwise known as the Metric. The ISP will learn routes from R1 with a better metric -- more desirable. So, R1 will then receive INBOUND traffic.


Makes sense?


I hope I dint kill the issue with too much detail. :-)


Victor

rpfinneran Sun, 03/29/2009 - 03:56

Another pretty quick fix is to just add your AS to the AS-Path a few times, making it have a high AS Path hop count, and thus less desirable.


route-map PREPEND permit 10

set as-path prepend

exit

!

router bgp

neighbor x.x.x.1 route-map PREPEND out

end

wr

WabukiSensei Sun, 04/05/2009 - 18:38

Hi All,


Thanks for all the suggestions. The issue has been resolved. Apparently the problem was on the service provider end.


Again, thank you for all the suggestions!

Marwan ALshawi Sun, 04/05/2009 - 20:06

Hi

i would say that MED is not always good option with ISPs as they not prefere it becuase it makes issue withthier routing

i would suggest to use as mentioned by other post

is AS prepend

or call your ISP and check which method they use some times ISPs ask to send a cipicific community strin to let them prefere that link with that community string


thank you

Hope this helps

Actions

This Discussion