Multi BGP help - urgent

interwebmedia
Level 1

Hello,

Recently we have changed over to BGP for our SINGLE PROVIDER we currently have.

The configuration looks like this:

router bgp AS_NUMBER
 no synchronization
 bgp router-id ROUTER_ID_IP
 bgp log-neighbor-changes
 network XXX.XXX.XXX.XXX (1) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (2) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (3) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (4) mask 255.255.252.0
 neighbor NEIGHBOR_IP remote-as REMOTE_AS
 neighbor NEIGHBOR_IP password BGP_PASS
 neighbor NEIGHBOR_IP route-map filter-in in
 no auto-summary
!
ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map filter-in permit 10
 match ip address prefix-list only-default
!

-------------------------------

NOW, we are going to plug a NEW ISP and want to announce ONLY our NETWORK (4) above.

Meaning this ISP will only route that CLASS C. So they are announcing it on their end and I have to announce that I am routing this CLASS C on the new ISP in my device.

Can someone please provide EXACT configuration commands to put in my router in order to achieve this ??

As well, I told my new ISP to only route this Class C on their network. But what happens if I tell them to route ALL my IP's and I want ONLY this Class C to go through them, can this be achieved? or if they announce it then I cannot control incoming traffic since they are announcing it and therefore I can only control outgoing traffic ?? Can someone please detail this for me?

Waiting for an answer on both questions.

GREATLY appreciated

Thanks

25 Replies 25

Jerry Ye
Cisco Employee

Hi Elazar,

Are you going to use the same router or a different router to connect to this new ISP? The configuration will be different between a new router and single router multi-home. BTW, your network 4 is not a Class C network.

To answer the other questions, you need to block certain routes to your ISP and announce certain routes if these routes need to be routed by your ISP. ISPs generally will not help you block routes. I am assuming you were assigned an AS and public IP addresses by ARIN.

Another question, you did not specify what routes you will want to take from your new ISP.

HTH,

jerry

Thank you for your answer.

You are right, Network 4 is a /22 but we will extract the FIRST /24 from that and route it with our new provider.

it is on the SAME ROUTER.

As well, Why I ask for the networks, is I want to know because our providers ask which Ip address block to announce... is it actually them announcing it or simply creating a filter to accept only those IP's from my network and then I decide what to route through them? Or what I tell them they will actually route on the internet ??

Yes we have public IP's with our own AS from Arin.

We only want default route from the ISP, like in the configuration with our first ISP.

Thanks

Hi Elazar,

I think your provider is trying to put a filter in place to accept certain network block(s) from you. Or you can

So here is the additional configuration on top of your existing to your 2nd provider, I am assuming you want to block the /24 into your current ISP:

!
! INSIDE BGP PROCESS
 network XXX.XXX.XXX.XXX (4) mask 255.255.255.0
 neighbor NEW_ISP_NEIGHBOR_IP remote-as NEW_ISP_REMOTE_AS
 neighbor NEW_ISP_NEIGHBOR_IP password NEW_ISP_BGP_PASS
 neighbor NEW_ISP_NEIGHBOR_IP route-map filter-in in
 neighbor NEW_ISP_NEIGHBOR_IP route-map NETWORK_TO_ISP_XXXX out
 neighbor NEIGHBOR_IP route-map NETWORK_TO_CURRENT_ISP out
!
! NETWORK TO BE ADV TO NEW ISP
ip prefix-list PREFIX_TO_ISP_XXXX seq 5 permit XXX.XXX.XXX.XXX/24
route-map NETWORK_TO_ISP_XXXX permit 10
 match ip address prefix-list PREFIX_TO_ISP_XXXX
!
! NETWORK TO BE ADV TO CURRENT ISP
ip prefix-list PREFIX_TO_CURRENT_ISP seq 5 permit XXX.XXX.XXX.XXX(1)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 10 permit XXX.XXX.XXX.XXX(2)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 15 permit XXX.XXX.XXX.XXX(3)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 20 permit XXX.XXX.XXX.XXX(4)/22
route-map NETWORK_TO_CURRENT_ISP permit 10
 match ip address prefix-list PREFIX_TO_CURRENT_ISP

HTH,

jerry

So do I remove the announcement of the /24 to the current ISP or I just need to create an inside process which blocks it from announcing it?? as I want INCOMING and OUTGOING for that specific /24 to go through the NEW provider.

You will announce the /24 to your ISP (both ISP's) and use the filter to restrict what you are sending to the ISP.

The filter can be based on the prefix list as provided above, or an access-list like I provided below. They will both accomplish the same thing, prefix lists can make some configurations easier than an access-list, but I haven't seen anything a prefix list can do that an ACL can't, or vice versa.

If you do not advertise the /24 out to your ISP, there is no need to filter :)

HTH,

Craig

Hi Elazar,

The following configuration actually blocks the /24 going into your current ISP:

ip prefix-list PREFIX_TO_CURRENT_ISP seq 5 permit XXX.XXX.XXX.XXX(1)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 10 permit XXX.XXX.XXX.XXX(2)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 15 permit XXX.XXX.XXX.XXX(3)/22
ip prefix-list PREFIX_TO_CURRENT_ISP seq 20 permit XXX.XXX.XXX.XXX(4)/22
route-map NETWORK_TO_CURRENT_ISP permit 10
 match ip address prefix-list PREFIX_TO_CURRENT_ISP
! INSIDE BGP PROCESS
 neighbor NEW_ISP_NEIGHBOR_IP route-map NETWORK_TO_ISP_XXXX out

If you would like to include the /24, just edit the prefix list to include the /24.

HTH,

jerry

Ok I will post here more details so I can get the exact configuration.

Let's resume what is going on here.

We have:

ISP1 - MTO (AS 21548)

ISP2 - COGENT (AS 174)

Current Config:

router bgp 21793
 no synchronization
 bgp router-id ROUTER_ID_IP
 bgp log-neighbor-changes
 network XXX.65.60.0 mask 255.255.252.0
 network XXX.66.68.0 mask 255.255.252.0
 network XXX.75.188.0 mask 255.255.252.0
 network XX.76.96.0 mask 255.255.252.0
 neighbor XX.254.237.9 remote-as 21548
 neighbor XX.254.237.9 password BGP_PASS
 neighbor XX.254.237.9 route-map filter-in in
 no auto-summary
!
ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map filter-in permit 10
 match ip address prefix-list only-default
!

NOW, what we need done is SIMPLE.

We are adding COGENT as a provider in our BGP.

We need this XXX.75.188.0 /24 To go ONLY on COGENT. It is announced as part of a /22 to the current ISP as you can see in the configuration. So what we need is ONE CLASS C (the first one) XXX.75.188.0 /24 to be advertised to COGENT and for INCOMING and OUTGOING traffic on this range to go ONLY through Cogent, it should NOT go through MTO.

Cogent Details for connectivity:

Cogent Connected Address Block: XX.104.152.4 /30

Cogent Router Port IP/Gateway: XX.104.152.5

Our Router Port IP: XX.104.152.6

Subnet: 255.255.255.252

Then they assign us a Cogent Assigned Ip Block:

XX.102.65.112 /29

BGP Password: BGP_PASS (not showing for security purposes)

I hope I gave all details to get an EXACT and COMPLETE configuration to ADD to our existing config in order to implement this.

Help is greatly appreciated.

Thanks

Hi,

Your ISP should not worry about the IP addresses you announce with NETWORK statements. (These addresses are all private IP addresses; if I am wrong, let me know.) These private IP network segments are the routes that the other branch needs to know.

The ISP's responsibility is to give you the public IP addresses. These public IP addresses perform the connection function, of which your router uses one and the other side's branch uses another. That is all you should request from them.

I don't think your ISP has any need to filter or block any network segment in your internal network which you NETWORK into BGP.

hope this help

Yang

xcz504d1114
Level 4

create an access-list that matches your (4) network.

access-list 4 permit 4.4.4.0 0.0.0.255

Create a route-map for your new ISP specifying your ACL

route-map ISP-OUT 10

match ip address 4

Use that route map to filter to your new ISP

router bgp

neighbor NEW_ISP_IP route-map ISP-OUT out

With that you will only advertise the routes to your ISP neighbor that you specified in your access-list. If you want to add more to advertise out later, either re-write your access-list (not my choice though) or create a new access-list with the new IP, and create additional entries under your route-map (my preference).

So it would look like this to add network 2.

access-list 2 permit 2.2.2.0 0.0.0.255

route-map ISP-OUT 20

match ip address 2

The "20" after ISP-OUT specifies a new line number in the same route map. Remember to clear your BGP neighbor anytime you make changes like that, but also remember that if your ISP sees you "flapping" due to a down link or you clearing your BGP status, they may stop advertising you for 45 minutes to prevent flapping routes on the internet. So make sure you learn to use the soft clear BGP commands.

In order to control incoming routes, that is a very long topic, easiest way (and best in my opinion), is to have your ISP send you what you want to receive, I run dual service providers at my edge, and I told my ISP's I only want to receive a default route, I don't need the entire internet routing tables for my application.

If you have your ISP send you the entire internet routing table keep in mind a few points, it consumes router memory, and if you enable CEF, it consumes twice the amount of memory to build the CEF table. If you have them send you the entire internet routing table and you filter on your side, your router still receives and stores the information, and then uses CPU cycles to filter 200k+ routes from entering your routing table, but the information is still stored in memory to allow soft BGP clears.

HTH,

Craig

OK I finally received all the exact numbers for the new ISP BGP and I am now ready to implement it.

Is it possible to get a one on one with an expert from here for help? As I do not want to post the exact IP's on this forum.

And I do not want to mess up the configuration by filling in the variables.

How can we arrange this?

Thank you

Anything on this please? I am already plugged in I just need the final BGP configurations to get going with this.

Please let me know asap

conf t
ip route xxx.75.188.0 255.255.255.0 null 0 254
access-list 11 permit xxx.75.188.0 0.0.0.255
route-map COGNET-OUT 10
 match ip address 11
access-list 12 deny xxx.75.188.0 0.0.0.255
access-list 12 permit any
route-map MTO-OUT 10
 match ip address 12
router bgp 21793
 neighbor XX.254.237.9 route-map MTO-OUT out
 network xxx.75.188.0 mask 255.255.255.0
 ! The BGP peer is Cogent's router port IP (xx.104.152.5); xx.104.152.6 is our own port IP
 neighbor xx.104.152.5 remote-as 174
 neighbor xx.104.152.5 password BGP_PASS
 neighbor xx.104.152.5 route-map COGNET-OUT out

If you want to filter incoming routes and only accept the default route just like you are for your other carrier, add the following line:

 neighbor xx.104.152.5 route-map filter-in in

You also specified that this class C should not be advertised out the other carrier, since you are advertising the /22 to the other carrier, it will not be a problem the /24 is a more specific route, and your other link will actually act as a failover.

Depending on how your internal network is set up you could have some asymmetric routing occurring, so the traffic will exit out MTO and come back in through COGNET or vice versa. Since I don't know the rest of your network topology and configuration I can't really help much there. By default BGP will only use one of the links.

But that is the "basic" configuration you will need to get that working, but there is still design left that probably needs to be done.

HTH,

Craig
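
Added example, not part of any poster's reply: a small Python model of how the two outbound filter styles used in this thread select routes, assuming an IOS prefix-list entry without ge/le matches address and length exactly while a standard ACL referenced from a route-map compares only the network address. The 10.x prefixes are constructed stand-ins for the masked addresses, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the masked prefixes: four /22s plus the first /24
ORIGINATED = [ipaddress.ip_network(p) for p in (
    "10.65.60.0/22", "10.66.68.0/22", "10.75.188.0/22",
    "10.76.96.0/22", "10.75.188.0/24")]

def prefix_list_permits(entries, route):
    """Prefix-list entry without ge/le: address AND length must both match."""
    for action, prefix in entries:
        if route == ipaddress.ip_network(prefix):
            return action == "permit"
    return False  # implicit deny at the end of the list

def std_acl_permits(entries, route):
    """Standard ACL used as a route filter: only the route's network address
    is tested against base/wildcard; the prefix length is never examined."""
    addr = int(route.network_address)
    for action, base, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False  # implicit deny

def advertised(permits, entries):
    """Originated prefixes that pass the given outbound filter."""
    return [str(r) for r in ORIGINATED if permits(entries, r)]

# Prefix-list form of the policy (four /22s to the current ISP, /24 to the new one)
PREFIX_TO_CURRENT_ISP = [("permit", "10.65.60.0/22"), ("permit", "10.66.68.0/22"),
                         ("permit", "10.75.188.0/22"), ("permit", "10.76.96.0/22")]
PREFIX_TO_NEW_ISP = [("permit", "10.75.188.0/24")]

# Standard-ACL form of the policy (access-list 11 and 12 from the thread)
ACL_11 = [("permit", "10.75.188.0", "0.0.0.255")]
ACL_12 = [("deny", "10.75.188.0", "0.0.0.255"),
          ("permit", "0.0.0.0", "255.255.255.255")]  # "permit any"

if __name__ == "__main__":
    for name, fn, rules in (
            ("prefix-list -> current ISP", prefix_list_permits, PREFIX_TO_CURRENT_ISP),
            ("prefix-list -> new ISP", prefix_list_permits, PREFIX_TO_NEW_ISP),
            ("ACL 12 -> current ISP", std_acl_permits, ACL_12),
            ("ACL 11 -> new ISP", std_acl_permits, ACL_11)):
        print(f"{name:28} {advertised(fn, rules)}")
```

In this model the ACL form filters the XXX.75.188.0 /22 toward MTO together with the /24, because both share the same network address, so the covering route that would give failover is not advertised there; the prefix-list form keeps the /22 and drops only the /24.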

Ok so finally we got it to work as mentioned in the above configs, only thing remaining is that the router chooses COGENT as the default 0.0.0.0, I need all the traffic that is NOT from the XXX.75.188.0 /24 network to go out through MTO and that class C through cogent.

How do I accomplish this?

Thanks
