Help regarding return traffic and outbound traffic both from ISP-B when multiple ISPs in single router with BGP

Sep 11th, 2010

Dear Experts,


Help regarding return traffic and outbound traffic both from ISP-B, with multiple ISP bandwidth, for selected pools.

I have tried many times to get what I need, as given below.

We have bandwidth from multiple ISPs on our single router through eBGP.

ISP-A  45 MB  ( Neighbour 210.212.59.150)

ISP–B 25 MB (Neighbour  48.155.212.103)

We have our own IP pools. We need some IP pools' traffic to go through ISP-B (both outbound and return traffic) and some IP pools' traffic to go through ISP-A (both outbound and return traffic). Please see the config templates below.

ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 10 permit 118.215.62.18/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A seq 20 permit 118.215.62.128/25
ip prefix-list ISP-A seq 25 permit 118.215.65.64/26
!
ip prefix-list ISP-B seq 5 permit 118.215.63.0/24
ip prefix-list ISP-B seq 10 permit 118.215.64.0/24
ip prefix-list ISP-B seq 15 permit 118.215.65.128/25
route-map ISP-A-ISP-B permit 10
 match ip address prefix-list ISP-B
 set ip next-hop 48.155.212.103
!
route-map ISP-A-ISP-B permit 20
 match ip address prefix-list ISP-A
 set ip next-hop 210.212.59.150
!
route-map ISP-A-ISP-B permit 30
!
route-map prepend-ISP-A permit 10
 match ip address prefix-list ISP-A
 set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-A permit 20
!
route-map prepend-ISP-B permit 10
 match ip address prefix-list ISP-B
 set as-path prepend 123456 123456 123456
!route-map prepend-ISP-B permit 20


On the internal interface gi0/0:

 ip policy route-map ISP-A-ISP-B

and in BGP:

 neighbor 210.212.59.150 route-map prepend-ISP-A out
 neighbor 48.155.212.103 route-map prepend-ISP-B out

But the problem is that all the return traffic comes from ISP-A, which is the router ID.

BGP table version is 420, local router ID is 210.212.59.150
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

So how can I solve this issue? What config do I need?

Thanks in advance.

Nagaraja Thanthry Sat, 09/11/2010 - 07:30
User Badges:
  • Cisco Employee,

Hello,


Have you applied the route-map ISP-A-ISP-B to the inside interface (interface facing your LAN)?


interface gi 0/1
 description Connection to LAN
 ip address "address" "mask"
 ip policy route-map ISP-A-ISP-B
exit


Hope this helps.


Regards,


NT

csawest.dc Sat, 09/11/2010 - 09:28

Dear NT,


At present I have not applied it. Should I apply it on the internal interface, or do I need to make any change?

Thanks in advance,

Nagaraja Thanthry Sat, 09/11/2010 - 10:36
User Badges:
  • Cisco Employee,

Hello,


Please go ahead and apply the route-map. That should fix the issue.


Regards,


NT

Giuseppe Larosa Sat, 09/11/2010 - 11:46

Hello Vaibhav,


The PBR rule has to be applied inbound on the internal interface receiving the packets that have to be diverted, as noted by Nagaraja.

Note:

I have never used prefix-lists in a route-map used for PBR.

PBR does not process routing updates but the user traffic, to decide which packets have to be diverted and which packets have to be destination-based routed.

So I would suggest using extended access-lists instead of prefix-lists.


something like:


access-list 111 permit ip x.y.z.0 0.0.0.255 any


or even a standard access-list like


access-list 11 permit x.y.z.0 0.0.0.255


Here, prefix-lists might be treated as standard access lists, but I think that using standard access-lists or extended access-lists is more appropriate for PBR.

Prefix-lists are good for route-maps used on BGP sessions, for example.


Hope to help

Giuseppe

csawest.dc Sat, 09/11/2010 - 21:29

Dear NT & Giuseppe,



Thanks to both of you, and my dear Giuseppe, so many times you have given me support regarding the same issue, but I am not able to achieve this.

My main goal is that I need some IP pools' traffic, I mean both the inbound and outbound traffic, to go via a particular ISP,

e.g.

ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 10 permit 118.215.62.18/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A seq 20 permit 118.215.62.128/25
ip prefix-list ISP-A seq 25 permit 118.215.65.64/26


For the above IP pools, both outbound and return traffic should go through ISP-A, but my problem is that our router ID is 210.212.59.150, which is ISP-B, so return traffic always prefers the best path of the router ID.

Outbound traffic is working fine through ISP-A because of the route-map, but return traffic is still from ISP-B; I need to set it from ISP-A as well.

Yes Giuseppe, you are right: when I apply the route-map below on the internal interface for outbound traffic, all the traffic of the ISP-A IP pools still goes through ISP-B, and when I create a standard access-list it works fine, for outbound traffic only. So what is the difference between a prefix-list and a standard access-list?

When I match a standard access-list, outbound traffic works fine, but when I match a prefix-list, outbound traffic still goes through ISP-B, so what is the issue?


route-map ISP-A-ISP-B permit 10
 match ip address prefix-list ISP-B
 set ip next-hop 48.155.212.103
!
route-map ISP-A-ISP-B permit 20
 match ip address prefix-list ISP-A
 set ip next-hop 210.212.59.150
!
route-map ISP-A-ISP-B permit 30


So what config do I need to achieve this goal?

Please help me, it's very important for me.

Giuseppe Larosa Sun, 09/12/2010 - 12:15

Hello Vaibhav,

Mine is only a note: as I wrote, I have never used prefix-lists, which are supposed to be used for route filtering, in a route-map invoked as a PBR rule.


About your question:


Ensuring that the return path follows the same path as outbound traffic is not totally possible, as you can try to influence other AS choices to go back to you using, for example, AS path prepending.

Also, as noted in other threads, attempting to advertise prefixes more specific than /24 provides no guarantees that the prefix will be propagated unchanged.

If I remember correctly, I had suggested that you contact the two ISPs to verify if they are going to accept up to /25 prefixes.



In your example you are attempting to advertise /26 and even /32 to ISP A that is likely discarding them.


ip prefix-list ISP-A seq 5 permit 118.215.62.22/32


This is not going to be accepted, and for sure it cannot be propagated over the internet by your upstream provider.

If your example is just an example and you are not using /32 prefixes, please ignore the previous comment.

I would suggest that you are probably already getting the best from your scenario and that asymmetric paths have to be accepted because of the technical limitations of BGP.

When you have multiple prefixes, each of them a /24, you can use a strategy of sending only the /23 aggregate with AS path prepending towards the ISP you wouldn't want to use for return traffic.

But if you have only one /24 public IP prefix, there is little you can do for return traffic other than asking providers to accept two /25s.


In my current customer network for example we have asymmetric paths but they are not an issue as firewalls are more internal and do not detect this.


Hope to help

Giuseppe
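
The following Python is an added example, not posted by anyone in this thread. It converts the prefix-list entries from the first post into the standard access-list lines suggested for PBR, lists the entries more specific than /24, and reports any covering /24 that holds pools assigned to both ISPs. ACL numbers 23 and 24 follow the last post in the thread; the function names are made up for this example.

```python
import ipaddress
import re

# Entries from the first post (stray "l" on the seq 20 line dropped).
PREFIX_LISTS = """
ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 10 permit 118.215.62.18/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A seq 20 permit 118.215.62.128/25
ip prefix-list ISP-A seq 25 permit 118.215.65.64/26
ip prefix-list ISP-B seq 5 permit 118.215.63.0/24
ip prefix-list ISP-B seq 10 permit 118.215.64.0/24
ip prefix-list ISP-B seq 15 permit 118.215.65.128/25
"""
ENTRY = re.compile(r"ip prefix-list (\S+) seq \d+ permit (\S+)")

def parse(text):
    """Return {list_name: [IPv4Network, ...]} from prefix-list lines."""
    lists = {}
    for name, prefix in ENTRY.findall(text):
        lists.setdefault(name, []).append(ipaddress.ip_network(prefix))
    return lists

def to_acl(networks, number):
    """Standard ACL lines matching the pools as packet sources (for PBR)."""
    lines = []
    for net in networks:
        mask = "" if net.prefixlen == 32 else f" {net.hostmask}"
        lines.append(f"access-list {number} permit {net.network_address}{mask}")
    return lines

def too_specific(networks, max_len=24):
    """Prefixes longer than max_len, which the thread says may be discarded."""
    return [str(n) for n in networks if n.prefixlen > max_len]

def shared_24s(lists):
    """Covering /24 blocks that contain pools from more than one list."""
    owners = {}
    for name, nets in lists.items():
        for net in nets:
            block = net.supernet(new_prefix=24) if net.prefixlen > 24 else net
            owners.setdefault(str(block), set()).add(name)
    return {b: sorted(o) for b, o in owners.items() if len(o) > 1}

if __name__ == "__main__":
    lists = parse(PREFIX_LISTS)
    print("\n".join(to_acl(lists["ISP-A"], 23) + to_acl(lists["ISP-B"], 24)))
    print("longer than /24:", {n: too_specific(p) for n, p in lists.items()})
    print("shared /24 blocks:", shared_24s(lists))
```

For these pools the only shared block is 118.215.65.0/24, so announcing /24s could not split that block's return traffic between the two ISPs.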

csawest.dc Sun, 09/12/2010 - 23:48

Dear Friend,



You mean to say it is not possible to set the return traffic through the ip prefix-list, which I need so that the outbound traffic IP pools are the same as the return traffic, when I match with the ip prefix-list in a route-map with prepend?

Is it possible when I match through a standard access-list with the same pools?



access-list 23 permit 118.215.62.22
access-list 23 permit 118.215.62.18
access-list 23 permit 118.215.62.64 0.0.0.63
access-list 23 permit 118.215.62.128 0.0.0.127
access-list 23 permit 118.215.65.64 0.0.0.63

access-list 24 permit 118.215.63.0 0.0.0.255
access-list 24 permit 118.215.64.0 0.0.0.255
access-list 24 permit 118.215.65.128 0.0.0.127



route-map prepend-ISP-A permit 10
 match ip address 23
 set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-A permit 20
!
route-map prepend-ISP-B permit 10
 match ip address 24
 set as-path prepend 123456 123456 123456
!route-map prepend-ISP-B permit 20

and in BGP:

 neighbor 210.212.59.150 route-map prepend-ISP-A out
 neighbor 48.155.212.103 route-map prepend-ISP-B out


With what you have suggested, is it possible to have all the return traffic of the access-list 23 IP pools through ISP-A and the access-list 24 IP pools through ISP-B?

Or, another thought: should I remove the router-id and set weight, local-preference or MED? I don't really have deep knowledge about that. Is it possible through MED or local-preference to achieve my goal?

Thanks in advance,
