BGP next hop selection based on source address

Unanswered Question
May 9th, 2009
Hi,

I have two eBGP sessions to two different AS's.

Is it possible to select BGP next-hop based on the ip packet source address?

Is it possible to use PBR together with BGP?

If it's possible, does somebody have a config example?


Giuseppe Larosa Sat, 05/09/2009 - 04:35

Hello Niklas,


>> Is it possible to select BGP next-hop based on the ip packet source address?


No, BGP has a lot of policies but still uses destination-based routing.


>> Is it possible to use PBR together with BGP?


Yes, but you can influence the outbound path only.

The return path is still ruled by BGP.


A complex example using VRF-aware PBR:


http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html#wp1101387


Hope to help

Giuseppe


lamav Sat, 05/09/2009 - 06:33

Giuseppe:


Wouldn't it be possible to establish a flow, match on it, and set the next hop accordingly using access lists, a route map and BGP?


access-list 110 permit ip 10.0.0.0 0.0.0.255 any

route-map BGP permit 10
 match ip address 110
 set ip next-hop 2.2.2.2

router BGP 65000
 neighbor 1.1.1.1 remote-as 65001
 neighbor 1.1.1.1 route-map BGP
 neighbor 2.2.2.2 remote-as 65002


Packets received from neighbor 1.1.1.1 whose source address is 10.0.0.0/8 and heading anywhere, will be forwarded to neighbor 2.2.2.2, according to the route map named BGP.


Is this feasible?


Victor

Giuseppe Larosa Sat, 05/09/2009 - 22:41

Hello Victor,

This is an attempt to advertise a third-party next-hop to Router1 1.1.1.1, but with which routes should this modified next-hop be associated?


I don't think this can work.

We can change the BGP next-hop of selected routes in an outbound route-map, but the ACL that we invoke in it has the duty to decide which routes should have the attribute changed.


It doesn't apply to live traffic but to route exchange.

To intercept live traffic you need PBR applied inbound on the internal LAN interface.

But this is again PBR; the fact that you have BGP neighbors is a different matter. It is not BGP that does source-based routing.


However, as you have noted, Harold has pointed out that in an MPLS context PBR can be used to perform source-based VRF selection, but it is still the PBR feature that does source-based routing.


Hope to help

Giuseppe


lamav Sun, 05/10/2009 - 06:58

Giuseppe!


Wow, I must have been drunk or on heavy allergy medications when I asked this question! I'm serious, the diphenhydramine has me practically hallucinating LOL... How retarded!


A route map applied to a BGP neighbor acts on the control plane to populate the BGP and route table. It is not used for policy routing on the data/forwarding plane. There is no inspection of source and destination addresses of actual traffic and re-routing accordingly.


To implement policy routing, you have to apply the route map to an interface that will receive the data traffic and forward the packet accordingly.


The route map I configured, in and of itself, is syntactically correct, but of course its execution and application were from outer space.


Thanks for answering my question, as idiotic as it was. lolol


Victor
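
An added configuration sketch (not posted by anyone in this thread) of the distinction discussed above: the same ACL and route-map, but attached to the interface where the traffic arrives with ip policy route-map, instead of to a BGP neighbor. The interface name, its address and the route-map name PBR-VIA-AS65002 are assumptions; the ACL, neighbor addresses and AS numbers are reused from the posts above, and 2.2.2.2 is assumed to be a directly connected next hop.

```cisco
! Constructed example. Interface, LAN address and route-map name are assumed.
!
! Classify live traffic by SOURCE address (same ACL as in the thread).
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
!
! Data-plane policy: matched packets are forwarded to 2.2.2.2.
! Packets that match no permit entry fall through to the normal
! destination-based lookup, i.e. the BGP best path.
route-map PBR-VIA-AS65002 permit 10
 match ip address 110
 set ip next-hop 2.2.2.2
!
! PBR is evaluated on the interface where the packets ARRIVE,
! so it goes on the internal LAN interface, inbound by definition.
interface GigabitEthernet0/1
 description Internal LAN (assumed)
 ip address 10.0.0.1 255.255.255.0
 ip policy route-map PBR-VIA-AS65002
!
! Control plane: the eBGP sessions stay free of this route-map.
! A route-map on a neighbor filters or modifies ROUTES exchanged with
! that peer; it never inspects the source address of forwarded packets.
router bgp 65000
 neighbor 1.1.1.1 remote-as 65001
 neighbor 2.2.2.2 remote-as 65002
!
! Verification:
!   show ip policy     (which interface has which route-map)
!   show route-map     (policy routing match counters)
```
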

Harold Ritter Sat, 05/09/2009 - 12:36
User Badges:
  • Cisco Employee,

Niklas,


You can use the VRF selection feature to achieve this. You would have each session to the eBGP neighbors in a different VRF. You would then use one VRF or the other based on the source address of the incoming packet.


Refer to the following URL for more information on this feature:


http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html


Regards
