Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
1
Replies

BGP and outgoing paths Help Needed

interwebmedia
Level 1
Level 1

‎09-22-2009 07:11 AM - edited ‎03-06-2019 07:50 AM

Hello,

Ok so this is what we currently have.

ISP1 = MTO

ISP2 = COGENT

Our current Switch Config is:

router bgp ASN_NUMBER

no synchronization

bgp router-id XXX.XX.60.1

bgp log-neighbor-changes

network XX.XX.96.0 mask 255.255.224.0

network XXX.XX.60.0 mask 255.255.252.0

network XXX.XX.68.0 mask 255.255.252.0

network XXX.XX.188.0

network XXX.XX.189.0

network XXX.XX.190.0

network XXX.XX.191.0

neighbor XX.XXX.152.5 remote-as ISP2_ASN

neighbor XX.XXX.152.5 password NotShown

neighbor XX.XXX.152.5 route-map filter-in in

neighbor XX.XXX.237.9 remote-as ISP1_ASN

neighbor XX.XXX.237.9 password NotShown

neighbor XX.XXX.237.9 route-map filter-in in

no auto-summary

!

ip classless

ip route XX.XX.96.0 255.255.224.0 Null0

ip route XXX.XX.60.0 255.255.252.0 Null0

ip route XXX.XX.68.0 255.255.252.0 Null0

ip route XXX.XX.188.0 255.255.252.0 Null0

!

ip prefix-list only-default seq 5 permit 0.0.0.0/0

!

route-map filter-in permit 10

match ip address prefix-list only-default

Here is how it is configured for our ISP's:

ISP1 is announcing in its BGP:

network XX.XX.96.0 mask 255.255.224.0

network XXX.XX.60.0 mask 255.255.252.0

network XXX.XX.68.0 mask 255.255.252.0

network XXX.XX.189.0

network XXX.XX.190.0

network XXX.XX.191.0

ISP2 is announcing in its BGP:

network XXX.XX.188.0

So what we currently have is that all INCOMING traffic to our network routes fine since our ISP's are announcing exactly what we need and where we need it to route to.

WHAT WE NEED:

What we need is basically that all OUTGOING traffic FROM our network TO the internet for this network "network XXX.XX.188.0" which is on ISP2 should go out ONLY on ISP2. And of course that ALL the other networks should go out ONLY on ISP1.

As a summary:

Those networks:

network XX.XX.96.0 mask 255.255.224.0

network XXX.XX.60.0 mask 255.255.252.0

network XXX.XX.68.0 mask 255.255.252.0

network XXX.XX.189.0

network XXX.XX.190.0

network XXX.XX.191.0

Should have INCOMING and OUTGOING traffic ONLY on ISP1

and this network:

network XXX.XX.188.0

Should have INCOMING and OUTGOING traffic ONLY on ISP2

What are the EXACT commands and configurations I should add to my router in order to accomplish this.

Please be detailed, and if you need any other information from me to provide me this, I will be pleased to provide it.

GREATLY Appreciated.

Thank You

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-22-2009 08:49 AM

Hello Elazar,

you had already a thread about this.

Where you have received useful suggestions.

However, in this new thread you have provided more info in the initial post.

You would like to have traffic to and from network XXX.XX.188.0 to use ISP2.

You would like to have traffic to and from other networks to use already existing ISP1.

BGP has a rich set of tools but it is still a destination oriented protocol.

you can achieve control on what path traffic uses to come back to your company with BGP.

For doing this as it has been explained in the other thread you need to use route filters so that you send only net XXX.XX.188.0 to ISP2 and all other prefixes to ISP1.

You can do this with route-maps or with prefix-lists or access-lists.

Let's go to the outbound traffic.

But to control how traffic is sent to the internet BGP is not enough.

First of all, you receive just two BGP default routes or at least you accept only them.

to perform outbound routing based on source address you need to add PBR in your scenario.

so you need the following

access-list 11 permit XXX.XX.188.0 0.0.0.255

you will prefer default route received by ISP1 by using

router bgp ASN_NUMBER

neighbor XX.XXX.152.5 weight 500

neighbor XX.XXX.152.5 local-preference 400

now you need a route-map to divert to ISP2 traffic specified in ACL 11

route-map PBRtoISP2 permit 10

match ip address 11

set ip next-hop XX.XXX.237.9

you need to apply this on internal interface(s) that receive traffic directed to the internet

let's suppose it is gi0/0

int gi0/0

ip policy route-map PBRtoISP2

This should complete your configuration.

For BGP filtering refers to the other thread or use the following

ip prefix-list only188 permit XXX.XX.188.0/24

! check the syntax of the following line

ip as-path access-list 1 permit ^$

route-map toISP2 permit 10

match ip address prefix-list only188

for ISP1

route-map toISP1 deny 10

match ip address prefix-list only188

route-map toISP1 permit 20

match ip as-path 1

router BGP ASN_NUMBER

neighbor XX.XXX.152.5 route-map toISP1 out

neighbor XX.XXX.237.9 route-map toISP2 out

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card