09-11-2010 05:20 AM - edited 03-04-2019 09:44 AM
Dear Experts,
Help regarding return traffic and outbound traffic both via ISP-B for selected pools when there is bandwidth from multiple ISPs
I have tried many times to achieve what I need, as given below.
We have bandwidth from multiple ISPs on our single router through eBGP
ISP-A 45 MB ( Neighbour 210.212.59.150)
ISP–B 25 MB (Neighbour 48.155.212.103)
We have our own IP pools. We need the traffic of some IP pools to go through ISP-B (outbound and return traffic both) and the traffic of some IP pools to go through ISP-A (outbound and return traffic both). Please see the config templates below.
ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 10 permit 118.215.62.18/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A seq 20 permit 118.215.62.128/25
ip prefix-list ISP-A seq 25 permit 118.215.65.64/26
!
ip prefix-list ISP-B seq 5 permit 118.215.63.0/24
ip prefix-list ISP-B seq 10 permit 118.215.64.0/24
ip prefix-list ISP-B seq 15 permit 118.215.65.128/25
route-map ISP-A-ISP-B permit 10
match ip address prefix-list ISP-B
set ip next-hop 48.155.212.103
!
route-map ISP-A-ISP-B permit 20
match ip address prefix-list ISP-A
set ip next-hop 210.212.59.150
!
route-map ISP-A-ISP-B permit 30
!
route-map prepend-ISP-A permit 10
match ip address prefix-list ISP-A
set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-A permit 20
!
route-map prepend-ISP-B permit 10
match ip address prefix-list ISP-B
set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-B permit 20
On the internal interface gi0/0:
ip policy route-map ISP-A-ISP-B
and in BGP:
neighbor 210.212.59.150 route-map prepend-ISP-A out
neighbor 48.155.212.103 route-map prepend-ISP-B out
But the problem is that all the return traffic is from ISP-A, which is the router ID.
BGP table version is 420, local router ID is 210.212.59.150
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
So how can I solve this issue? What config do I need?
Thanks in advance.
09-11-2010 07:30 AM
Hello,
Have you applied the route-map ISP-A-ISP-B to the inside interface
(interface facing your LAN)?
interface gi 0/1
description Connection to LAN
ip address "address" "mask"
ip policy route-map ISP-A-ISP-B
exit
Hope this helps.
Regards,
NT
09-11-2010 09:28 AM
Dear NT,
At present I have not applied it. Should I apply it on the internal interface, or do I need to make any change?
Thanks in advance,
09-11-2010 10:36 AM
Hello,
Please go ahead and apply the route-map. That should fix the issue.
Regards,
NT
09-11-2010 11:46 AM
Hello Vaibhav,
PBR rule has to be applied inbound on the internal interface receiving the packets that have to be diverted as noted by Nagaraja.
Note:
I have never used prefix-lists in a route-map used for PBR
PBR does not process routing updates but the user traffic to decide what packet has to be diverted and what packets have to be destination based routed.
So I would suggest to use extended access-lists instead of prefix-lists.
something like:
access-list 111 permit ip x.y.z.0 0.0.0.255 any
or even a standard access-list like
access-list 11 permit x.y.z.0 0.0.0.255
Here, prefix-lists might be treated as standard access-lists, but I think that using standard access-lists or extended access-lists is more appropriate for PBR.
Prefix-lists are good for route-maps used on BGP sessions, for example.
Hope to help
Giuseppe
09-11-2010 09:29 PM
Dear NT & Giuseppe,
Thanks to both of you, and my dear Giuseppe, so many times you have given me support regarding the same issue, but I am not able to achieve this.
My main goal is that I need the traffic of some IP pools, I mean both the inbound and outbound traffic, to go through a particular ISP,
e.g.
ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 10 permit 118.215.62.18/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A seq 20 permit 118.215.62.128/25
ip prefix-list ISP-A seq 25 permit 118.215.65.64/26
The traffic of the above IP pools, outbound and return both, should go through ISP-A, but my problem is our router ID 210.212.59.150, which is ISP-B,
so return traffic always prefers the best path router ID.
Outbound traffic is working fine through ISP-A because of the route-map, but return traffic is still from ISP-B; I need to set it to also come from ISP-A.
Yes Giuseppe, you are right: when I apply the route-map below on the internal interface for outbound traffic, all the traffic of the ISP-A IP pools still goes through ISP-B, and when I create a standard access-list it works fine, for outbound traffic only. So what is the difference between a prefix-list and a standard access-list?
When I match a standard access-list, outbound traffic works fine, but when I match a prefix-list, outbound traffic still goes through ISP-B, so what is the issue?
route-map ISP-A-ISP-B permit 10
match ip address prefix-list ISP-B
set ip next-hop 48.155.212.103
!
route-map ISP-A-ISP-B permit 20
match ip address prefix-list ISP-A
set ip next-hop 210.212.59.150
!
route-map ISP-A-ISP-B permit 30
So what config do I need to achieve this goal?
Please help me, it's very important for me.
09-12-2010 12:15 PM
Hello Vaibhav,
Mine is only a note: as I wrote, I have never used prefix-lists, which are supposed to be used for route filtering, in a route-map invoked as a PBR rule.
About your question:
Ensuring that the return path follows the same path as outbound traffic is not totally possible, as you can try to influence other AS choices to go back to you using, for example, AS path prepending.
Also, as noted in other threads, attempting to advertise prefixes more specific than /24 provides no guarantees that the prefix will be propagated unchanged.
If I remember correctly, I had suggested that you contact the two ISPs to verify whether they are going to accept up to /25 prefixes.
In your example you are attempting to advertise /26 and even /32 prefixes to ISP A, which is likely discarding them.
ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
This is not going to be accepted, and for sure it cannot be propagated over the internet by your upstream provider.
If your example is just an example and you are not using /32 prefixes, please ignore the previous comment.
I would suggest that you are probably already getting the best from your scenario and that asymmetric paths have to be accepted because of the technical limitations of BGP.
When you have multiple prefixes, each of them a /24, you can use a strategy of sending only the /23 aggregate with AS path prepending towards the ISP you wouldn't want to use for return traffic.
But if you have only one /24 public IP prefix, there is little you can do for return traffic other than asking providers to accept two /25s.
In my current customer network, for example, we have asymmetric paths, but they are not an issue as the firewalls are more internal and do not detect this.
Hope to help
Giuseppe
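An added example, not part of any reply or any poster's configuration: a Python sketch that takes prefix-list lines like those in this thread, emits the standard access-list entries suggested above for PBR matching, and flags prefixes longer than /24, which the reply above says may not be accepted or propagated. The ACL numbers 23 and 24, the function name `audit` and the sample lines (including one deliberately malformed line) are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample, adapted from the prefix-lists in this thread; the third
# line carries a stray token on purpose to exercise the rejected path.
SAMPLE = """\
ip prefix-list ISP-A seq 5 permit 118.215.62.22/32
ip prefix-list ISP-A seq 15 permit 118.215.62.64/26
ip prefix-list ISP-A l seq 20 permit 118.215.62.128/25
ip prefix-list ISP-B seq 5 permit 118.215.63.0/24
ip prefix-list ISP-B seq 15 permit 118.215.65.128/25
"""

LINE_RE = re.compile(r"^ip prefix-list (\S+) seq (\d+) permit (\S+)$")
MAX_LEN = 24  # threshold taken from the reply: more specific than /24 is not guaranteed


def audit(config, acl_numbers):
    """Return (acl_lines, too_specific, rejected); acl_numbers maps list name to ACL number."""
    acl_lines, too_specific, rejected = [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in acl_numbers:
            rejected.append(line)      # malformed line or unknown list name
            continue
        name, _seq, prefix = m.groups()
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            rejected.append(line)      # bad address or host bits set
            continue
        if net.prefixlen > MAX_LEN:
            too_specific.append((name, str(net)))
        # A /32 becomes a bare host entry; anything else gets a wildcard mask.
        wild = "" if net.prefixlen == 32 else f" {net.hostmask}"
        acl_lines.append(
            f"access-list {acl_numbers[name]} permit {net.network_address}{wild}")
    return acl_lines, too_specific, rejected


if __name__ == "__main__":
    for part in audit(SAMPLE, {"ISP-A": 23, "ISP-B": 24}):
        print(part)
```

The access-list lines are for matching packets in the PBR route-map; the flagged prefixes are the ones to raise with each ISP before relying on them for return-path selection.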
09-12-2010 11:48 PM
Dear Friend,
You mean to say it is not possible to get return traffic through the ip prefix-list, which I need so that the outbound traffic IP pools are the same as the return traffic, when I match with an ip prefix-list in a route-map with prepend.
Is it possible when I match through a standard access-list with the same pools?
access-list 23 permit 118.215.62.22
access-list 23 permit 118.215.62.18
access-list 23 permit 118.215.62.64 0.0.0.63
access-list 23 permit 118.215.62.128 0.0.0.127
access-list 23 permit 118.215.65.64 0.0.0.63
access-list 24 permit 118.215.63.0 0.0.0.255
access-list 24 permit 118.215.64.0 0.0.0.255
access-list 24 permit 118.215.65.128 0.0.0.127
route-map prepend-ISP-A permit 10
match ip address 23
set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-A permit 20
!
route-map prepend-ISP-B permit 10
match ip address 24
set as-path prepend 123456 123456 123456
!
route-map prepend-ISP-B permit 20
and in BGP
neighbor 210.212.59.150 route-map prepend-ISP-A out
neighbor 48.155.212.103 route-map prepend-ISP-B out
With what you have suggested, is it possible for all the return traffic of the access-list 23 IP pools to go through ISP-A and the access-list 24 IP pools through ISP-B?
Or, another thought: should I remove the router-id and set weight or local-preference or MED? I don't really have deep knowledge about that. Is it possible through MED or local-preference to achieve my goal?
Thanks in advance,