BGP and outgoing paths Help Needed

Sep 22nd, 2009

Hello,


Ok so this is what we currently have.


ISP1 = MTO

ISP2 = COGENT


Our current Switch Config is:


router bgp ASN_NUMBER
 no synchronization
 bgp router-id XXX.XX.60.1
 bgp log-neighbor-changes
 network XX.XX.96.0 mask 255.255.224.0
 network XXX.XX.60.0 mask 255.255.252.0
 network XXX.XX.68.0 mask 255.255.252.0
 network XXX.XX.188.0
 network XXX.XX.189.0
 network XXX.XX.190.0
 network XXX.XX.191.0
 neighbor XX.XXX.152.5 remote-as ISP2_ASN
 neighbor XX.XXX.152.5 password NotShown
 neighbor XX.XXX.152.5 route-map filter-in in
 neighbor XX.XXX.237.9 remote-as ISP1_ASN
 neighbor XX.XXX.237.9 password NotShown
 neighbor XX.XXX.237.9 route-map filter-in in
 no auto-summary
!
ip classless
ip route XX.XX.96.0 255.255.224.0 Null0
ip route XXX.XX.60.0 255.255.252.0 Null0
ip route XXX.XX.68.0 255.255.252.0 Null0
ip route XXX.XX.188.0 255.255.252.0 Null0
!
ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map filter-in permit 10
 match ip address prefix-list only-default


Here is how it is configured for our ISPs:

ISP1 is announcing in its BGP:

network XX.XX.96.0 mask 255.255.224.0
network XXX.XX.60.0 mask 255.255.252.0
network XXX.XX.68.0 mask 255.255.252.0
network XXX.XX.189.0
network XXX.XX.190.0
network XXX.XX.191.0

ISP2 is announcing in its BGP:

network XXX.XX.188.0


So what we currently have is that all INCOMING traffic to our network routes fine, since our ISPs are announcing exactly what we need and where we need it to route to.


WHAT WE NEED:


What we need is basically that all OUTGOING traffic FROM our network TO the internet for this network "network XXX.XX.188.0" which is on ISP2 should go out ONLY on ISP2. And of course that ALL the other networks should go out ONLY on ISP1.


As a summary:


Those networks:

network XX.XX.96.0 mask 255.255.224.0
network XXX.XX.60.0 mask 255.255.252.0
network XXX.XX.68.0 mask 255.255.252.0
network XXX.XX.189.0
network XXX.XX.190.0
network XXX.XX.191.0

Should have INCOMING and OUTGOING traffic ONLY on ISP1

and this network:

network XXX.XX.188.0

Should have INCOMING and OUTGOING traffic ONLY on ISP2


What are the EXACT commands and configurations I should add to my router in order to accomplish this?


Please be detailed, and if you need any other information from me to provide me this, I will be pleased to provide it.


GREATLY Appreciated.


Thank You

Giuseppe Larosa Tue, 09/22/2009 - 08:49

Hello Elazar,

You already had a thread about this, where you received useful suggestions.

However, in this new thread you have provided more info in the initial post.

You would like to have traffic to and from network XXX.XX.188.0 use ISP2.

You would like to have traffic to and from the other networks use the already existing ISP1.

BGP has a rich set of tools, but it is still a destination-oriented protocol.

You can achieve control over what path traffic uses to come back to your company with BGP.

For doing this, as has been explained in the other thread, you need to use route filters so that you send only net XXX.XX.188.0 to ISP2 and all other prefixes to ISP1.

You can do this with route-maps or with prefix-lists or access-lists.

Let's go to the outbound traffic.

But to control how traffic is sent to the internet, BGP is not enough.

First of all, you receive just two BGP default routes, or at least you accept only them.

To perform outbound routing based on source address you need to add PBR in your scenario.

So you need the following:


access-list 11 permit XXX.XX.188.0 0.0.0.255

You will prefer the default route received from ISP1 by using

router bgp ASN_NUMBER
 ! XX.XXX.237.9 is the ISP1 neighbor in the posted config
 neighbor XX.XXX.237.9 weight 500
 ! local-preference is not a neighbor option in IOS (it is set in a route-map); weight is enough here

Now you need a route-map to divert to ISP2 the traffic specified in ACL 11

route-map PBRtoISP2 permit 10
 match ip address 11
 ! next hop is the ISP2 neighbor in the posted config
 set ip next-hop XX.XXX.152.5

You need to apply this on the internal interface(s) that receive traffic directed to the internet.

Let's suppose it is gi0/0

int gi0/0
 ip policy route-map PBRtoISP2

This should complete your configuration.

For BGP filtering, refer to the other thread or use the following

ip prefix-list only188 permit XXX.XX.188.0/24
! check the syntax of the following line
ip as-path access-list 1 permit ^$

route-map toISP2 permit 10
 match ip address prefix-list only188

for ISP1

route-map toISP1 deny 10
 match ip address prefix-list only188
route-map toISP1 permit 20
 match as-path 1

router bgp ASN_NUMBER
 neighbor XX.XXX.237.9 route-map toISP1 out
 neighbor XX.XXX.152.5 route-map toISP2 out



Hope to help

Giuseppe
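
Added example, not part of the thread or of either poster's configuration: a small Python model that evaluates the toISP1/toISP2 outbound route-maps and the source-based PBR rule, so the intended split (and the fact that learned routes are never re-announced) can be checked before touching the router. The 10.10.x/172.16.x prefixes and AS 64500 are constructed stand-ins for the masked values; neighbor roles follow the remote-as lines in the original post.

```python
import ipaddress
import re

# Constructed stand-ins for the thread's masked values (assumptions).
ISP1, ISP2 = "ISP1 (XX.XXX.237.9)", "ISP2 (XX.XXX.152.5)"
NET188 = ipaddress.ip_network("172.16.188.0/24")   # stands in for XXX.XX.188.0/24
ONLY188 = [NET188]                                 # ip prefix-list only188 (exact match)
AS_PATH_1 = re.compile(r"^$")                      # ip as-path access-list 1 permit ^$

# BGP table as (prefix, AS path); an empty path means locally originated.
BGP_TABLE = [(ipaddress.ip_network(p), path) for p, path in [
    ("10.10.96.0/19", ""), ("172.16.60.0/22", ""), ("172.16.68.0/22", ""),
    ("172.16.188.0/24", ""), ("172.16.189.0/24", ""),
    ("172.16.190.0/24", ""), ("172.16.191.0/24", ""),
    ("0.0.0.0/0", "64500"),   # default learned from an upstream (constructed ASN)
]]

# Route-map clauses: (action, prefix-list or None, as-path regex or None).
TO_ISP2 = [("permit", ONLY188, None)]
TO_ISP1 = [("deny", ONLY188, None), ("permit", None, AS_PATH_1)]


def route_map_permits(clauses, prefix, as_path):
    """First matching clause decides; no match falls to the implicit deny."""
    for action, plist, path_re in clauses:
        if plist is not None and prefix not in plist:
            continue
        if path_re is not None and not path_re.search(as_path):
            continue
        return action == "permit"
    return False


def announced(clauses):
    """Prefixes from the BGP table that the outbound route-map lets through."""
    return [str(p) for p, path in BGP_TABLE if route_map_permits(clauses, p, path)]


def egress(src):
    """PBR on the inside interface: ACL 11 sources are sent to ISP2; everything
    else follows the default route, which the weight setting pins to ISP1."""
    return ISP2 if ipaddress.ip_address(src) in NET188 else ISP1


if __name__ == "__main__":
    print("to ISP1:", announced(TO_ISP1))
    print("to ISP2:", announced(TO_ISP2))
    for src in ("172.16.188.20", "172.16.189.20", "10.10.100.1"):
        print(src, "->", egress(src))
```

The `^$` clause is what keeps the learned default route out of the announcements to ISP1, so the site does not become transit between the two providers.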

