09-22-2009 07:11 AM - edited 03-06-2019 07:50 AM
Hello,
Ok so this is what we currently have.
ISP1 = MTO
ISP2 = COGENT
Our current Switch Config is:
router bgp ASN_NUMBER
 no synchronization
 bgp router-id XXX.XX.60.1
 bgp log-neighbor-changes
 network XX.XX.96.0 mask 255.255.224.0
 network XXX.XX.60.0 mask 255.255.252.0
 network XXX.XX.68.0 mask 255.255.252.0
 network XXX.XX.188.0
 network XXX.XX.189.0
 network XXX.XX.190.0
 network XXX.XX.191.0
 neighbor XX.XXX.152.5 remote-as ISP2_ASN
 neighbor XX.XXX.152.5 password NotShown
 neighbor XX.XXX.152.5 route-map filter-in in
 neighbor XX.XXX.237.9 remote-as ISP1_ASN
 neighbor XX.XXX.237.9 password NotShown
 neighbor XX.XXX.237.9 route-map filter-in in
 no auto-summary
!
ip classless
ip route XX.XX.96.0 255.255.224.0 Null0
ip route XXX.XX.60.0 255.255.252.0 Null0
ip route XXX.XX.68.0 255.255.252.0 Null0
ip route XXX.XX.188.0 255.255.252.0 Null0
!
ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map filter-in permit 10
 match ip address prefix-list only-default
Here is how it is configured for our ISPs:
ISP1 is announcing in its BGP:
network XX.XX.96.0 mask 255.255.224.0
network XXX.XX.60.0 mask 255.255.252.0
network XXX.XX.68.0 mask 255.255.252.0
network XXX.XX.189.0
network XXX.XX.190.0
network XXX.XX.191.0
ISP2 is announcing in its BGP:
network XXX.XX.188.0
So what we currently have is that all INCOMING traffic to our network routes fine, since our ISPs are announcing exactly what we need and where we need it to route to.
WHAT WE NEED:
What we need is basically that all OUTGOING traffic FROM our network TO the internet for this network "network XXX.XX.188.0" which is on ISP2 should go out ONLY on ISP2. And of course that ALL the other networks should go out ONLY on ISP1.
As a summary:
Those networks:
network XX.XX.96.0 mask 255.255.224.0
network XXX.XX.60.0 mask 255.255.252.0
network XXX.XX.68.0 mask 255.255.252.0
network XXX.XX.189.0
network XXX.XX.190.0
network XXX.XX.191.0
Should have INCOMING and OUTGOING traffic ONLY on ISP1
and this network:
network XXX.XX.188.0
Should have INCOMING and OUTGOING traffic ONLY on ISP2
What are the EXACT commands and configurations I should add to my router in order to accomplish this?
Please be detailed, and if you need any other information from me to provide me this, I will be pleased to provide it.
GREATLY Appreciated.
Thank You
09-22-2009 08:49 AM
Hello Elazar,
You already had a thread about this, where you received useful suggestions.
However, in this new thread you have provided more info in the initial post.
You would like traffic to and from network XXX.XX.188.0 to use ISP2.
You would like traffic to and from the other networks to use the already existing ISP1.
BGP has a rich set of tools, but it is still a destination-oriented protocol.
You can control which path traffic uses to come back to your company with BGP.
To do this, as was explained in the other thread, you need to use route filters so that you send only net XXX.XX.188.0 to ISP2 and all other prefixes to ISP1.
You can do this with route-maps, prefix-lists or access-lists.
Let's go to the outbound traffic.
But to control how traffic is sent to the internet, BGP is not enough.
First of all, you receive just two BGP default routes, or at least you accept only them.
To perform outbound routing based on source address you need to add PBR to your scenario.
So you need the following:
access-list 11 permit XXX.XX.188.0 0.0.0.255
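You will prefer the default route received from ISP1 by using
router bgp ASN_NUMBER
 ! ISP1 is neighbor XX.XXX.237.9 in the posted configuration
 neighbor XX.XXX.237.9 weight 500
 ! check the syntax of the following line: local preference is normally set
 ! with "set local-preference" in an inbound route-map
 neighbor XX.XXX.237.9 local-preference 400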
Now you need a route-map to divert the traffic specified in ACL 11 to ISP2
route-map PBRtoISP2 permit 10
 match ip address 11
 ! ISP2 is neighbor XX.XXX.152.5 in the posted configuration
 set ip next-hop XX.XXX.152.5
You need to apply this on the internal interface(s) that receive traffic directed to the internet.
Let's suppose it is gi0/0
int gi0/0
 ip policy route-map PBRtoISP2
This should complete your configuration.
For BGP filtering, refer to the other thread or use the following
ip prefix-list only188 permit XXX.XX.188.0/24
! check the syntax of the following line
ip as-path access-list 1 permit ^$
!
route-map toISP2 permit 10
 match ip address prefix-list only188
for ISP1
route-map toISP1 deny 10
 match ip address prefix-list only188
route-map toISP1 permit 20
 match as-path 1
!
! per the posted configuration, XX.XXX.237.9 is ISP1 and XX.XXX.152.5 is ISP2
router bgp ASN_NUMBER
 neighbor XX.XXX.237.9 route-map toISP1 out
 neighbor XX.XXX.152.5 route-map toISP2 out
Hope to help
Giuseppe
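The outbound filters from the reply above, modelled as an added example (not part of the original posts and not Cisco code): a small Python simulation of how the toISP1 and toISP2 route-maps decide what is advertised to each ISP, including that routes learned from an ISP are never re-advertised. The prefixes and AS number 64500 are constructed from documentation ranges because the page masks the real ones; 203.0.113.0/24 stands in for XXX.XX.188.0/24.

```python
import ipaddress
import re

# Constructed stand-in for the masked XXX.XX.188.0/24 (documentation range).
ONLY188 = ipaddress.ip_network("203.0.113.0/24")

def in_only188(prefix):
    # "ip prefix-list only188 permit <net>/24" has no ge/le, so it is an exact match.
    return ipaddress.ip_network(prefix) == ONLY188

def as_path_acl_1(as_path):
    # "ip as-path access-list 1 permit ^$": empty AS path, i.e. locally originated.
    return re.search(r"^$", as_path) is not None

# Route-map clauses in sequence order: (action, match function over a route).
ROUTE_MAPS = {
    "toISP2": [("permit", lambda r: in_only188(r["prefix"]))],
    "toISP1": [
        ("deny", lambda r: in_only188(r["prefix"])),
        ("permit", lambda r: as_path_acl_1(r["as_path"])),
    ],
}

def advertised(route_map, routes):
    """Return the prefixes a neighbor would receive through the given outbound route-map."""
    out = []
    for r in routes:
        for action, match in ROUTE_MAPS[route_map]:
            if match(r):
                if action == "permit":
                    out.append(r["prefix"])
                break  # first matching clause decides
        # no clause matched: implicit deny at the end of every route-map
    return out

# Constructed BGP table: three local prefixes, one learned default, one more-specific.
BGP_TABLE = [
    {"prefix": "203.0.113.0/24", "as_path": ""},
    {"prefix": "198.51.100.0/24", "as_path": ""},
    {"prefix": "192.0.2.0/24", "as_path": ""},
    {"prefix": "0.0.0.0/0", "as_path": "64500"},   # default learned from an ISP
    {"prefix": "203.0.113.0/25", "as_path": ""},   # more-specific of the ISP2 prefix
]
```

The /25 entry shows the edge case to check for: because the prefix-list matches exactly, a locally originated more-specific of the ISP2 prefix is not caught by the deny clause and would be announced to ISP1.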