05-09-2009 01:30 AM - edited 03-04-2019 04:42 AM
Hi,
I have two eBGP sessions to two different AS's.
Is it possible to select BGP next-hop based on the ip packet source address?
Is it possible to use PBR together with BGP?
If it's possible, does somebody have a config example?
05-09-2009 04:35 AM
Hello Niklas,
>> Is it possible to select BGP next-hop based on the ip packet source address?
No, BGP has a lot of policies but still uses destination-based routing.
>> Is it possible to use PBR together with BGP?
Yes, but you can influence the outbound path only.
The return path is still ruled by BGP.
A complex example using VRF-aware PBR:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html#wp1101387
Hope to help
Giuseppe
05-09-2009 06:33 AM
Giuseppe:
Wouldn't it be possible to establish a flow, match on it, and set the next hop accordingly using access lists, a route map and BGP?
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
route-map BGP permit 10
 match ip address 110
 set ip next-hop 2.2.2.2
router BGP 65000
 neighbor 1.1.1.1 remote-as 65001
 neighbor 1.1.1.1 route-map BGP
 neighbor 2.2.2.2 remote-as 65002
Packets received from neighbor 1.1.1.1 whose source address is 10.0.0.0/8 and heading anywhere, will be forwarded to neighbor 2.2.2.2, according to the route map named BGP.
Is this feasible?
Victor
05-09-2009 10:41 PM
Hello Victor,
This is an attempt to advertise a third-party next-hop to Router1 1.1.1.1, but with which routes should this modified next-hop be associated?
I don't think this can work.
We can change the BGP next-hop of selected routes in an outbound route-map, but the ACL that we invoke in it has the duty to decide which routes should have the attribute changed.
It doesn't apply to live traffic but to route exchange.
To intercept live traffic you need PBR applied inbound on the LAN internal interface.
But this is again PBR; the fact that you have BGP neighbors is a different matter. It is not BGP that does source-based routing.
However, as you have noted, Harold has pointed out that in an MPLS context PBR can be used to perform source-based VRF selection, but it is still the PBR feature that does source-based routing.
Hope to help
Giuseppe
05-10-2009 06:58 AM
Giuseppe!
Wow, I must have been drunk or on heavy allergy medications when I asked this question! I'm serious, the diphenhydramine has me practically hallucinating LOL. How retarded!
A route map applied to a BGP neighbor acts on the control plane to populate the BGP and route table. It is not used for policy routing on the data/forwarding plane. There is no inspection of source and destination addresses of actual traffic and re-routing accordingly.
To implement policy routing, you have to apply the route map to an interface that will receive the data traffic and forward the packet accordingly.
The route map I configured, in and of itself, is syntactically correct, but of course its execution and application were from outer space.
Thanks for answering my question, as idiotic as it was. lolol
Victor
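The interface-level policy routing described in the post above, as an added example that is not part of the original thread. It reuses the thread's ACL 110 and the neighbor addresses 1.1.1.1 and 2.2.2.2; the route-map name SRC-PBR, ACL 111 with its 10.0.1.0/24 range, and the interface name are assumptions.

```cisco
! Added example, not from the thread. Assumed names: SRC-PBR, ACL 111,
! GigabitEthernet0/1 as the LAN-facing interface.
!
! Classify live traffic by SOURCE address.
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 111 permit ip 10.0.1.0 0.0.0.255 any
!
! Data-plane policy: each source range is sent to one eBGP peer.
route-map SRC-PBR permit 10
 match ip address 110
 set ip next-hop 2.2.2.2
route-map SRC-PBR permit 20
 match ip address 111
 set ip next-hop 1.1.1.1
! Packets matching no clause are routed normally, i.e. by the
! destination-based best path that BGP installed in the routing table.
!
! PBR takes effect only where the route map is bound to the interface
! that RECEIVES the traffic, here the internal LAN interface.
interface GigabitEthernet0/1
 ip policy route-map SRC-PBR
!
! The BGP sessions stay free of the PBR route map. A route map attached
! to a neighbor filters or modifies route advertisements (control plane)
! and never inspects forwarded packets.
router bgp 65000
 neighbor 1.1.1.1 remote-as 65001
 neighbor 2.2.2.2 remote-as 65002
!
! Verification from exec mode:
!   show ip policy            (interface to route-map binding)
!   show route-map SRC-PBR    (per-clause match counters)
```

This steers only the outbound direction; as noted earlier in the thread, the return path is still decided by BGP in the upstream networks.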
05-09-2009 12:36 PM
Niklas,
You can use the VRF selection feature to achieve this. You would have each session to the eBGP neighbors in a different VRF. You would then use one VRF or the other based on the source address of the incoming packet.
Refer to the following URL for more information on this feature:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html
Regards