07-22-2009 03:43 AM - edited 03-04-2019 05:31 AM
I have two different ISP's and two routers that are configured with eBGP between the ISP's and iBGP between the two routers. I am getting full routes plus a default route. I have 2 network addresses ISP A 10.117.125.0 /24 and ISP B 10.51.170.0 /24. (I have changed the ip addresses for this example. ) I would like it if ISP A fails then ISP B will route that subnet. This happened the other day and it did not work. The ISP is setup correctly and i see that i am missing a network statement, but is there anything else in this config that is wrong?
Solved! Go to Solution.
07-22-2009 11:25 AM
Hello Bryan,
outgoing:
only prepending of your own AS number is recommended for the BGP rule that silently discards BGP advertisements with an AS Path attribute that already contains your own AS number.
So the best practice for prepending is to use your own AS number.
set as-path prepend 25 25
incoming:
About the config example you have linked:
you have written you are receiving BGP full tables from both providers.
the ip as path access-list of example provide better preference for all routes with an AS path attribute that is made of only the provider AS number.
ip as-path access-list 1 permit ^400$
this means an AS path that starts with 400 (^ symbol) and ends just after it ($ symbol).
In other words in your scenario this part is not effective:
routes originated in AS 400 (representing ISPB) are preferred for their shortest AS path over the routes received from ISP A that have an AS path made of at least
"300 400 i"
or longer if the two have no direct relationship (peering)
longer then "400 i"
these routes are exchanged over the iBGP session.
Hope to help
Giuseppe
07-22-2009 05:11 AM
Did/do you plan on AS-Prepend your public address space on this router? You have a match command but no set statement. Example-
set as-path prepend 18 18
07-22-2009 05:12 AM
Hello Bryan,
if the two public networks belong to the two ISP, ISP B is not going to accept prefix A because it is not in their block.
They filter the advertisement thinking you are acting as a transit network.
To achieve this you need to do an agreement with both providers.
Or you need to implement on your side NAT in such a way that if link or session to ISPA fails addresses of second block are used instead.
Hope to help
Giuseppe
07-22-2009 05:22 AM
The provider has agreed to accept the prefix A, that blongs to ISPA.
07-22-2009 05:50 AM
Hello Bryan,
this is good.
you need the missing network statement and as Collin has suggested you may want to use selective AS path prepending of your own AS number as a way to influence return path.
In the configuration you have attached I see:
you need also an empty route map clause to advertise the other prefix with no prepending if desired
route-map AS_Prepend permit 10
match ip address 10
!
route-map AS_Prepend permit 20
!
the opposite has to be done for the other isp
Hope to help
Giuseppe
07-22-2009 06:22 AM
I looked at this config on cisco's website. http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5
When i do the local-preference 150 that is saying use shorter paths from ISP B if it has a better path correct?
The prepend, do i want to use my ASN or the ISP's ASN?
I plan on using this:
route-map AS-400-INCOMING permit 10
match as-path 1
set local-preference 150
!
route-map AS-400-OUTGOING permit 10
match ip address 10
set as-path prepend 100
!
!
route-map AS-400-OUTGOING permit 20
match ip address 20
07-22-2009 11:25 AM
Hello Bryan,
outgoing:
only prepending of your own AS number is recommended for the BGP rule that silently discards BGP advertisements with an AS Path attribute that already contains your own AS number.
So the best practice for prepending is to use your own AS number.
set as-path prepend 25 25
incoming:
About the config example you have linked:
you have written you are receiving BGP full tables from both providers.
the ip as path access-list of example provide better preference for all routes with an AS path attribute that is made of only the provider AS number.
ip as-path access-list 1 permit ^400$
this means an AS path that starts with 400 (^ symbol) and ends just after it ($ symbol).
In other words in your scenario this part is not effective:
routes originated in AS 400 (representing ISPB) are preferred for their shortest AS path over the routes received from ISP A that have an AS path made of at least
"300 400 i"
or longer if the two have no direct relationship (peering)
longer then "400 i"
these routes are exchanged over the iBGP session.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide