Forcing a single subnet in and out one BGP peer

Answered Question
Aug 11th, 2010

I have been reading all over trying to learn as much as I can about routing a single subnet in and out a single BGP peer but I am running out of time.



We have a single 6500 with sup720 running BGP between 2 ISP peers. We advertise all our subnets to both but now we need to force a single one to only use one of the peers. Attached is the BGP config. IP addresses have been changed to protect the innocent.

Any help would be awesome!


Thanks!


Kevin

gatlin007 Wed, 08/11/2010 - 08:02

When you say force do you mean influencing routing based on source address rather than destination address?



Thanks,


Chris

kevin_spies Wed, 08/11/2010 - 08:13

The source address would be a local x.x.x.x IP going to any destination and can only use one BGP peer. Is there a way to static route outgoing and incoming traffic for the single subnet using only one BGP peer?


I have seen people say you can use local-pref and weights but I'm not sure how that is done.


Did I answer your question correctly?


Thanks again!


Kevin

u1kumar2002 Wed, 08/11/2010 - 09:35

Hi,

Answer to "Is there a way to static route outgoing and incoming traffic for the single subnet using only one BGP peer?": yes, you can route a particular subnet from one peer and another from the other peer, but it's not static routing. You have to first classify which prefixes will use which peer. Then you can configure it. Here is an example: http://showipbgp.com/bgp-configurations/40-cisco/72-3-2-1-cisco-dual-bgp-with-prefix-length-load-balancing.html


Another link: http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml



Hope this information will help you.



Uttam

http://www.startnetworks.blogspot.com/

khearn8 Wed, 08/11/2010 - 10:09

I would use a prefix list in conjunction with a route-map to a specific neighbor and block what you don't want going to that neighbor.

Correct Answer
arun kumar Thu, 08/12/2010 - 04:27

Hi Kevin,


I presume you want to use only one ISP peer for both forward and reverse traffic. If that peer fails, the traffic should fall back to the other peer. If this is correct, then there are ways you can achieve this:


1. For outbound, you can influence the traffic by manipulating BGP attributes, as you said: weight and local preference. You have to set the peer where you want your traffic to flow by configuring a higher value of weight and local preference. These attributes can be set for a group of prefixes or for all prefixes received from that peer. This way the outbound traffic prefers that peer.


router bgp xxx
 neighbor a.b.c.d weight --- for all prefixes received
 neighbor a.b.c.d route-map test in -- for specific prefixes with acl testacl

route-map test permit 10
 match ip address testacl
 set weight /set local-preference


2. For inbound, it depends on how you advertise the prefixes to both peers. One common way is to prepend your own AS number when you advertise the prefix to your secondary peers. To primary peers you can advertise without prepending your own AS.


router bgp xxx
 neighbor a.b.c.d route-map test out ----- secondary peer
 neighbor e.f.g.h remote-as yyy ------- primary peer

route-map test permit 10
 match ip address testacl
 set as-path prepend


3. The drawback of the above method is that when the internet chooses the best path to your prefixes, it usually chooses the shortest AS path. Even though you prepend your AS many times toward your secondary peer, there is a chance that your secondary peer will still be preferred by some ISP. This all depends on that particular ISP's point of view, as the internet is an interconnection of ISPs. There is a feature where you can advertise your prefixes only to one ISP. Only if that ISP fails do you advertise the prefixes to your secondary ISP. In this way, the secondary ISP only receives them when your primary ISP goes down. This feature is called "BGP Conditional Advertisement".


Please refer to the link below:


http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml


Hope this helps


Arun
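
Steps 1 and 2 of the answer above written out as one IOS configuration. This is an added example, not part of the original post: the AS numbers, peer addresses, subnet and the names PINNED-SUBNET, FROM-PRIMARY and TO-SECONDARY are constructed from documentation ranges, and the local-preference value and prepend count are illustrative.

```cisco
! Constructed values (assumptions): local AS 64496,
! primary peer 198.51.100.1 (AS 64500), secondary peer 203.0.113.1 (AS 64501),
! subnet to steer: 192.0.2.0/24.
!
ip prefix-list PINNED-SUBNET seq 5 permit 192.0.2.0/24
!
! Step 1 (outbound traffic): raise local preference on routes learned from
! the primary peer. BGP picks paths per destination prefix, so adding a
! "match ip address" clause here narrows the preference to specific
! destination prefixes received from the peer.
route-map FROM-PRIMARY permit 10
 set local-preference 200
!
! Step 2 (inbound traffic): advertise the subnet to the secondary peer with
! a longer AS path so remote networks tend to choose the primary path.
route-map TO-SECONDARY permit 10
 match ip address prefix-list PINNED-SUBNET
 set as-path prepend 64496 64496 64496
!
! A route-map ends in an implicit deny. Without this empty permit clause,
! every prefix other than 192.0.2.0/24 would stop being advertised to the
! secondary peer.
route-map TO-SECONDARY permit 20
!
router bgp 64496
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 route-map FROM-PRIMARY in
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 route-map TO-SECONDARY out
!
! Apply the policy without dropping the sessions (exec mode):
!   clear ip bgp 198.51.100.1 soft in
!   clear ip bgp 203.0.113.1 soft out
!
! Check what is selected locally and what each peer is actually sent:
!   show ip bgp 192.0.2.0
!   show ip bgp neighbors 198.51.100.1 advertised-routes
!   show ip bgp neighbors 203.0.113.1 advertised-routes
```

Both peers still receive the subnet here, so the secondary path remains available if the primary session fails; replacing the prepend with a deny toward the secondary peer removes that fallback.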

kevin_spies Mon, 08/16/2010 - 11:50

I was able to get it to work by setting up 2 new ANNOUNCE lists, one for each peer. I used the permit statement for the peer I want the traffic to use and used the deny statement on the peer I do not want to use for the traffic. I then soft reset out for both peers.


It seems to be working fine now.
