
BGP Attribute for outgoing Traffic

alshamlan
Level 1

Dear,

I have the attached diagram:

- There are two links between routers.

- I have initiated a BGP session between them. For incoming traffic I use prepend and it worked fine.

Now, my objective is to use BGP to route network 10.8.8.0/29 on Link-1 and network 10.10.10.0/29 on Link-2 in normal operation. In case Link-1 is down, I want to route network 10.8.8.0/29 to the second link. In case Link-2 is down, network 10.10.10.0/29 should be routed to Link-1.

Which attribute should I use for this, and how can this be achieved to deal with the source IP?

Thanks.

MS

Accepted Solutions

Hi,

The failover will work without IP SLA if you shut down the interface on the internal router. You need IP SLA if you want to test the entire path between the two routers. For instance, if the external router fails, the internal router will not know since it is connected to the switch and not directly to the internal router. That is where IP SLA can help.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México


Harold Ritter
Cisco Employee

Hi,

BGP could help you to direct incoming traffic (traffic coming from the Internet) over one link or the other based on the destination network (10.8.8.0/29 or 10.10.10.0/29) but it will not help if you are trying to route outgoing traffic based on the source address. You would need to use Policy Based Routing (PBR) to achieve that.

Regards

Harold Ritter

Thanks Harold,

Can you please explain how we can achieve it using the PBR? One example.

regards

Hi Alshamlan,

Can you please share with me your BGP prepend configuration? I also configured BGP AS-path prepend in my router to manage incoming traffic, but I think it is not working properly. We are using multiple e-BGP in single homed, that's why.

Thanks in ADV,

Hi,

It would look something like this.

```
interface Ethernet0/0
 ip address 10.8.8.1 255.255.255.248
 ip policy route-map pbr1
!
interface Ethernet1/0
 ip address 10.10.10.1 255.255.255.248
 ip policy route-map pbr2
!
interface Ethernet2/0
 description Link1
 ip address 192.168.1.2 255.255.255.252
interface Ethernet3/0
 description Link2
 ip address 192.168.2.2 255.255.255.252
!
route-map pbr1 permit 10
 set ip next-hop 192.168.1.1 192.168.2.1
 set ip next-hop verify-availability
!
route-map pbr2 permit 10
 set ip next-hop 192.168.2.1 192.168.1.1
 set ip next-hop verify-availability
!
```

Regards

Harold Ritter

Dear Harold,

I tried the PBR but it didn't work for me. Any advice?

DC, I will post the prepend configuration tomorrow.

Regards

Hi,

You need to do conditional BGP advertisement for what you want to achieve.

In BGP you have to use the advertise-map option; for more information you can try the Cisco docs.

Regards,

Smitesh


PS: Please rate helpful posts

Hi Smitesh,

This would take care of the incoming traffic. The original poster asked about the outgoing traffic.

Regards

Harold Ritter

Hi Harold,

Yup, you are correct. Maybe my ignorance in reading the question correctly.

You can use weight or local pref in that case.

Regards,

Smitesh

Hi Smitesh,

Weight and local preference will not help either as the requirement is to route the outgoing traffic based on the source address rather than on the destination address. BGP won't help in this case but PBR will.

Regards

Harold Ritter

Harold,

Seems like I never understood the question correctly.

I re-read the question again and you are correct that the OP wants source-based routing, and PBR is a simple and elegant solution.

Regards,

Smitesh

Hi,

What platform is the router performing PBR?

Is CDP running between the two routers?

Can you post the relevant configuration? Can you post the output for "sh route-map pbr1" and "sh route-map pbr2"?

Regards

Harold Ritter

Hi Harold,

The router is an 1841.

CDP is enabled on both routers; however, there is a switch in between both routers that is used for SVI on the first router, as below:

(ROUTER-1) -------------------trunk---------------------(SWITCH)----------------2 access ports-----------------(CISCO-1841)

```
ROUTER-1841#show route-map pbr1
route-map pbr1, permit, sequence 10
  Match clauses:
  Set clauses:
    ip next-hop 192.168.1.1 192.168.2.1
    ip next-hop verify-availability
  Policy routing matches: 2 packets, 134 bytes

ROUTER-1841#show route-map pbr2
route-map pbr2, permit, sequence 10
  Match clauses:
  Set clauses:
    ip next-hop 192.168.2.1 192.168.1.1
    ip next-hop verify-availability
  Policy routing matches: 1 packets, 60 bytes
```

Regards

Hi,

"set ip next-hop verify-availability" uses CDP to verify the status of the next hop. So this command will not work in your scenario. You can try removing this command just to verify that PBR works for you. If you want your traffic from link1 to fail over to link2 and vice versa in case of failure, I would recommend that you use "set ip next-hop verify-availability" in conjunction with tracking options. The following document shows a good example of how that can be done.

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml

Regards

Harold Ritter

The document I sent contained the old syntax for IP SLA. The feature used to be called Cisco Service Assurance Agent (SAA) and was later renamed to Cisco IP SLA. The syntax also changed. Here's a document explaining the new syntax. The PBR syntax does not change though and you can still use the previous document I provided to configure that part.

Regards

http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html

Harold Ritter
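The PBR-with-tracking approach recommended in the replies above, written out as an added example that is not part of the original posts. It reuses the thread's interfaces and next-hop addresses; the SLA operation numbers, track object numbers, probe frequency and the newer `ip sla` / `track ... ip sla` syntax (rather than the older SAA/`rtr` form) are assumptions.

```cisco
! Added example, not from the thread. Assumes the newer "ip sla" syntax.
! Probe each next hop with ICMP echo, sourced from the matching link, so a
! failure beyond the intermediate switch is detected without relying on CDP.
ip sla 1
 icmp-echo 192.168.1.1 source-interface Ethernet2/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 192.168.2.1 source-interface Ethernet3/0
 frequency 5
ip sla schedule 2 life forever start-time now
!
! Track objects follow the reachability result of each probe.
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! 10.8.8.0/29 (Ethernet0/0): prefer Link1, fail over to Link2.
route-map pbr1 permit 10
 set ip next-hop verify-availability 192.168.1.1 10 track 1
 set ip next-hop verify-availability 192.168.2.1 20 track 2
!
! 10.10.10.0/29 (Ethernet1/0): prefer Link2, fail over to Link1.
route-map pbr2 permit 10
 set ip next-hop verify-availability 192.168.2.1 10 track 2
 set ip next-hop verify-availability 192.168.1.1 20 track 1
!
! If both tracked next hops are down, packets fall back to the routing table.
```

`show track` and `show route-map pbr1` show which next hop is currently considered up.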