BGP route-map prepend configuration examples

Answered Question
Jul 28th, 2009

I have two main networks connected to an MPLS cloud.

Network A is the corporate facility it has its own internet.

Network B is the collocation facility it also has its own internet.

On the MPLS cloud I have 100 remote sites that use the internet out of corporate.

I would like to use the internet out the colo site for the remote locations and have the corporate site be the backup.

The BGP configurations for corporate and colo is below.

Corporate router BGP setup

router bgp 65001

network 0.0.0.0 mask 0.0.0.0

network 172.16.0.0 mask 255.255.254.0 ( I do not want to prepend the 172.16.0.0/23 network)

redistribute static metric 254

neighbor 152.176.58.193

remote-as 65000

Colo router BGP setup

router bgp 65001

network 0.0.0.0 mask 0.0.0.0

network 172.16.11.0 mask 255.255.255.0

no auto-summary

neighbor 147.225.85.213 remote-as 65000

I believe the best solution is to perform a BGP prepend at the corporate site.

Can someone assist me with a sample route-map using the above information that applies to corporate?

Thanks a lot

Juan

I have this problem too.
0 votes
Correct Answer by Edison Ortiz about 5 years 11 months ago

The IP source address will be your neighbor IP so if your neighbor is 172.16.11.1 and you want to change the distance for all routes coming from that neighbor, the syntax is:

distance 254 172.16.11.1 0.0.0.0

Keep in mind, all BGP routes - eBGP and iBGP will be modified to the new administrative distance.

HTH,

__

Edison.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Edison Ortiz Tue, 07/28/2009 - 13:19

ip prefix-list Quad0 permit 0.0.0.0/0

route-map Quad0

match ip address prefix-list Quad0

set ip as-path prepend 65001 65001

router bgp 65001

neighbor x.x.x.x route-map Quad0 out

HTH,

__

Edison.

juan-ruiz Wed, 07/29/2009 - 07:49

Edison,

Thanks a lot for your input.

Quick question:

The 65001 AS is the one the ISP assigned to me which is the same for all my sites.

I use this one not the one that is configured to my neighbor BGP peer x.x.x.x 65000?

Can you also provide me a link that I can review more of the theory regarding this kind of setup?

Kind regards,

Juan

Giuseppe Larosa Wed, 07/29/2009 - 09:02

Hello Juan,

your own AS number is the only safe choice for prepending in real world scenario:

the reason is that eBGP has a built loop avoidance mechanism that says:

"don't accept BGP routes if their BGP AS path attribute already contains my AS number"

so if you would prepend your peer AS number you would get a negative effect: prepended routes would be silently discarded on peer side.

Hope to help

Giuseppe

Edison Ortiz Wed, 07/29/2009 - 10:24

Couldn't find a good Cisco link at the moment but Google turns up a good book online with a portion freely available at this link http://tinyurl.com/ksycqu

Giuseppe has addressed your other query.

HTH,

__

Edison.

juan-ruiz Thu, 07/30/2009 - 12:28

Great link thank you.

I made the changes and all went well.

I still have one small issue and I'm not sure how to overcome it.

Here is a quick breakdown of the hardware.

At corporate I have a Cisco layer 3 switch running OSPF only. From this switch I have a Metro E to the Colo to another Layer 3 switch that runs OSPF/BGP.

At Corporate I have a router that connects to the MPLS.

This router has a leg into the layer 3 switch and runs OSPF / BGP

At the colo my layer 3 switch runs both OSPF/BGP.

Everything routes the way it should but when I add the main local networks at corporate BGP configuration (network 172.16.0.0/23) and at colo (172.16.11.0/24) The routes get advertise on the MPLS cloud like they should but that path is not the Metro E anymore (THis is 50 Mbps) it is the MPLS 9 Mbps.

These two networks I would like to keep them on the Metro E segment.

If you care to review here is my protocol configuration for corporate and colo. I have tried several things and non seem to work.

The main goal is to use the Metro E link as the primary between colo and corp.

Remote sites use colo as primary for internet and 172.16.11.0/24

Remote site use corp only for 172.16.0.0/23

Remote sites use corp as secondary for internet.

Corp use MPLS as secondary for internet out colo.

CORP-ADT-RT-001#show run | be router

router ospf

network 172.16.9.10 0.0.0.0 area 0

network 192.168.200.254 0.0.0.0 area 0

redistribute bgp subnets metric 100

!

ip prefix-list MATCHALL seq 10 permit 0.0.0.0/0 le 32

ip prefix-list NOPREPEND seq 10 permit 172.0.0.0/23

!

route-map PREPEND permit 1

match ip address prefix-list NOPREPEND

set metric 10

route-map PREPEND permit 10

match ip address prefix-list MATCHALL

set as-path prepend 65001 65001 65001 65001

!

router bgp 65001

no auto-summary

no synchronization

distance bgp 100 100 100

network 0.0.0.0 mask 0.0.0.0

network 152.176.58.192 mask 255.255.255.252

redistribute static metric 254

neighbor 152.176.58.193

no default-originate

route-map PREPEND out

soft-reconfiguration inbound

remote-as 65000

!

COLO-CSC-SW-001#show run | be router

router ospf 1

log-adjacency-changes

redistribute bgp 65001 metric 50 subnets

network 172.16.9.0 0.0.0.7 area 0

network 172.16.11.0 0.0.0.255 area 0

network 172.16.12.9 0.0.0.0 area 0

network 172.16.13.0 0.0.0.255 area 0

network 192.168.200.252 0.0.0.0 area 0

!

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 0.0.0.0

neighbor 147.225.85.213 remote-as 65000

no auto-summary

!

In anycase thanks a lot for your help.

Regards,

Juan

Edison Ortiz Fri, 07/31/2009 - 08:10

eBGP routes will be preferred over the OSPF routes due to the Administrative Distance (eBGP = 20 - OSPF = 110)

If you want to want to choose the OSPF link over the BGP link, you will have to decide to either increase the eBGP AD or decrease the OSPF AD.

You can also send summaries on BGP while keeping the specific routes on OSPF but this requires some planning to avoid any subnet overlapping.

HTH,

__

Edison.

juan-ruiz Fri, 07/31/2009 - 11:48

Thanks again Edison and makes perfect sense because.

The BGP distance command is what I should use.

Should I configure the distance for the neighbor or the distance for external, internal, and local?

If I configure the distance for external, internal, and local is it fine to make the distance 120 for all of them or should I apply different values?

Thanks a lot

Juan

Edison Ortiz Fri, 07/31/2009 - 11:59

Per neighbor administrative distance isn't allowed in IOS, you need to change the administrative distance globally (affecting all incoming BGP routes) under the BGP process.

By default, External is 20 and iBGP and local are 200. Leave the last 2 as 200 and change eBGP to 120.

HTH,

__

Edison.

juan-ruiz Fri, 07/31/2009 - 12:02

Edison,

I will try these changes and give you an update next week.

Thank so much for your assistance.

During this process I'm also studying for my CCNP and with your assistance a lot of light bulbs are flashing as I read the redistribution chapters and BGP.

Much appreciated.

Regards,

Juan

Edison Ortiz Fri, 07/31/2009 - 12:06

Glad to be of help on your current network issue and good luck on your studies.

Feel free to post back on these forums whenever you run into a problem with your Cisco products.

Regards,

Peter Paluch Fri, 07/31/2009 - 12:51

Hello Edison,

Actually, I believe that there is a way to define something akin' to per-neighbor administrative distance.

See the BGP command "distance" (no "distance bgp"). It allows you to set an administrative distance for a defined source of information and possibly for networks announced by that source. You can define a different administrative distance individually for each neighbor, thereby overriding the default iBGP and eBGP administrative distance.

As an example, the command

distance 254 10.0.12.2 0.0.0.0

will assign the administrative distance of 254 to all routes advertised from the BGP peer 10.0.12.2.

Best regards,

Peter

Marwan ALshawi Sat, 08/01/2009 - 05:08

you could also send summary roue thorugh bgp and keep ospf more spicific this way the more spicific will be chosen regardless the AD number

chinkevi_2 Sun, 08/02/2009 - 15:12

if colo and corp with the same BGP AS goes through the cloud for each other i believe isp is using as-overide?

should admin distance be changed to prefer OSPF, it will fix both sites to use metro-E backdoor, but it will affect remote site's to go through OSPF route as well, due to remote ip redistribute into OSPF.

per neighbor admin distance is feasible but not practical if there are a lot of remote ip.

would this come down to ip address design as per Marwan's suggestion, provided both sites can summarise the routes.

if there is a better solution please let me know.

juan-ruiz Mon, 08/03/2009 - 06:33

hi Telstra,

My goal is to have remote sites use the colo as the primary path.

Currently that is working and if the MPLS link is down the remote sites will shift to the corporate.

The only route lost is between corporate and colo.

Thanks

juan-ruiz Mon, 08/03/2009 - 06:29

Hi Peter,

I like the change of Admin distance on a specific network.

Corporate network I want to advertise is 172.16.0.0/23.

The colo network I want to advertise is 172.16.11.0/24.

At corporate I could use under the bgp configuration

distance 254 172.16.11.0 0.0.0.255

and at colo I could use

distance 254 172.16.0.0 0.0.254.255

If I understand this properly the OSPF routes will be preferred and I can keep these networks over the metro E.

After looking at the distance command I do not see an option to specify the neighbor just the IP source address and the wild card bits. Tell me if I'm missing something.

Correct Answer
Edison Ortiz Mon, 08/03/2009 - 07:04

The IP source address will be your neighbor IP so if your neighbor is 172.16.11.1 and you want to change the distance for all routes coming from that neighbor, the syntax is:

distance 254 172.16.11.1 0.0.0.0

Keep in mind, all BGP routes - eBGP and iBGP will be modified to the new administrative distance.

HTH,

__

Edison.

juan-ruiz Fri, 08/07/2009 - 04:59

Edison and everyone on the thread thanks for your inputs

I used the distance command with a higher AD than ospf specified the peer and used an access-list for the specific route I wanted the AD increase only and it worked fine.

Many thanks

Juan

Actions

This Discussion