BGP questions

Duc Vu
Level 1

Hi all,

Please help with a sample config for my purposes. I have two BGP routers, R1 and R2, each connected to a different ISP, say ISP 1 & 2. The main goals are as follows:

1/ Certain internal subnets will take R2 to go out to the Internet; the rest will take R1.

2/ Traffic going out on R1 will need to return to the same router since it has better bandwidth.

Please give me a BGP sample config. Thank you all.


JohnTylerPearce
Level 7

Duc Vu,

Do you have a connection between R1 and R2?

Also, are you running BGP between R1 and your ISP and R2 and your ISP and iBGP between R1 and R2?

Do R1 and R2 connect back to a core switch of some sort?

Hi John,

Thank you for jumping in to help. The answer is "Yes" to all.

Duc Vu,

That's what I'm talking about, just straight to the point, no side roads.

Well, depending on how your network blocks are divided up, and if you have provider independent blocks... I would do the following, based upon the information that I have.

"1. Certain internal subnets will take R2 to go out to the Internet; the rest will take R1"

This sounds like policy-based routing (PBR).

I would configure an extended ACL for the specific subnets going to the Internet and have them go to the next hop of R2, and configure the rest to go to R1.

I would configure PBR on the core switch.

2. "Traffic going out on R1 will need to return to the same router since it has better bandwidth"

If this is the case, I would configure AS-PATH prepending for these specific subnets that the Internet will see as the source IP network, and pad on several AS_PATHs for ISP2, so ISP1 is chosen to come back.

I'm currently about to have to be on a conference call, so I'll try and write some configs if you want.

Yes please, sounds like you have a good config for me. Thank you very much.

Duc Vu,

Do you have Provider Independent network space or Provider Assigned?

Hi John,

I'm not sure I understand your question. Sorry.

Duc Vu,

You have two different ISPs. So the public network address space that you have, is it owned by the ISP or can you take that network anywhere?

Provider Independent address space is network space that you own and can advertise out on any ISP.

Provider assigned address space actually belongs to the ISP, and you basically rent it, so to speak, and usually cannot advertise that space out to another ISP without having a contract set up with both ISPs.

Oh, they're owned by the ISPs and we don't have any contract to advertise them. Thanks.

Duc Vu,

If that's the case, you really won't be able to influence traffic on the Internet inbound to your AS then. Because ISPB is going to want you to advertise ISPA networks to it. And most ISPs should have a filter to prevent only the specified networks to be advertised to it.

What you can do is configure policy based routing on the core, to influence outbound traffic for specific subnets, that is completely possible.

Duc Vu,

Sorry for the late response, I actually had to go earn some money

One quick question: on R1 and R2, are they receiving....

A. Full Internet Routes

B. A Default Route to each ISPs' next hop

C. Full Internet Routes + Default Route

D. Partial Internet Routes + Default Route

I'll have your config after that answer.

Hi John,

Sorry, same with me, gotta do some work yesterday to bring bread home. Anyway, I will copy the R1 & R2 show run. Please bear with me. Thank you very much.

Hi John,

I'm back after collecting some info about this post. Got the following comments:

1/ Since we do not have advertisement contracts with both ISPs, they will advertise our prefixes after aggregating them.

For example: our prefix is X.X.X.0/24, which will be aggregated into X.X.X.0/15 and then advertised out to the Internet. In this case, we need to talk to the ISPs about their advertisement of our /24 prefix. Then we should use as-path prepend. Please advise.

2/ If one of the ISPs does not agree to advertise, then we use "conditional route advertisement", but it is not a preferred solution.

Please also advise me on this option.

Thank you very much.

Yeah, if you have, for example, 100.100.100.0/24 assigned to you by your provider, then generally they will advertise to their eBGP peers 100.100.0.0/16 etc., a larger block.

Since you are basically just renting the space, Internet routers outside of your provider's AS will see the aggregate and not the /24, and will always route to your ISP, and then from inside your ISP is where you will have to get inbound routing preferences configured for your /24 prefix.

I would talk to your ISP and see whether, within your provider's AS, you could do AS_PATH prepending.

As for your previous question about the config.

I would go to the core switch and configure PBR for specific source subnets, and then have them go to ISP-2, while the rest take ISP-1. Since I don't know the routing table of the core switch, I would do the following.

Core

-------

- On the SVIs or subinterfaces I would implement PBR.

- Create an access list for the source networks

! Standard named ACL matching the source subnet (IOS ACLs take a wildcard mask)
ip access-list standard Subnets-PBR-ISP2
 permit 192.168.1.0 0.0.0.255
!
route-map PBR-ISP2 permit 10
 match ip address Subnets-PBR-ISP2
 ! Placeholder: the post does not give the next-hop address towards R2 / ISP2
 set ip default next-hop <R2-next-hop-address>
!
! Apply the policy on the ingress SVI of the matched subnet
interface vlan 10
 ip policy route-map PBR-ISP2

Then for the other networks that you want to take ISP1, you could configure a default route to point to ISP1.

Obviously, you know your routing table better than me, so make sure the idea looks good to you first before implementing.

With the 'set ip default next-hop' command, if there is not a specific match (default routes don't count) then it will be policy routed. So if someone wants to go out on the Internet to some website at 70.70.123.242 or something, you won't have a specific route for that in your table, and it will be policy routed to ISP2, which will then forward it out that way.

Now, depending on how your firewalls are set up with the return traffic, considering the issue that you are using provider assigned address space, that could cause asymmetric routing and firewall issues.
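
Added example, not part of the original post: a small Python model of the forwarding decision that 'set ip default next-hop' makes on the core switch, plus a check that flags flows leaving through one edge router while their return traffic arrives on the other (the asymmetric case that stateful firewalls drop). The routing table, the 192.168.2.0/24 and 192.168.3.0/24 subnets, the NAT-to-ISP mapping and the use of "R1"/"R2" as next-hop labels are constructed assumptions.

```python
import ipaddress

# All values are constructed for illustration; R1/R2 name the two edge routers.
net = ipaddress.ip_network
PBR_SOURCES = [net("192.168.1.0/24"), net("192.168.3.0/24")]  # sources matched by the ACL
PBR_NEXT_HOP = "R2"  # placeholder for the next hop the post leaves unspecified
ROUTES = {
    net("0.0.0.0/0"): "R1",            # default route towards ISP1
    net("10.20.0.0/16"): "internal",   # an explicit route on the core switch
}
# Assumption: edge router whose ISP owns the public block each source is NATed into.
RETURN_VIA = {net("192.168.1.0/24"): "R2", net("192.168.2.0/24"): "R1",
              net("192.168.3.0/24"): "R1"}

def explicit_route(dst):
    """Longest-prefix match that ignores the default route, as PBR does."""
    hits = [p for p in ROUTES if p.prefixlen > 0 and dst in p]
    return ROUTES[max(hits, key=lambda p: p.prefixlen)] if hits else None

def forward(src, dst):
    """Model 'set ip default next-hop': explicit route, then policy, then default."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hop = explicit_route(dst)
    if hop:
        return hop
    if any(src in n for n in PBR_SOURCES):
        return PBR_NEXT_HOP
    return ROUTES.get(net("0.0.0.0/0"), "drop")

def asymmetric_flows(flows):
    """Return flows that leave via one edge router but come back via the other."""
    found = []
    for src, dst in flows:
        out = forward(src, dst)
        back = next((r for n, r in RETURN_VIA.items()
                     if ipaddress.ip_address(src) in n), None)
        if out in ("R1", "R2") and back and out != back:
            found.append((src, dst, out, back))
    return found

FLOWS = [("192.168.1.10", "70.70.123.242"), ("192.168.2.10", "70.70.123.242"),
         ("192.168.1.10", "10.20.5.5"), ("192.168.3.7", "70.70.123.242")]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", forward(*f))
    print("asymmetric:", asymmetric_flows(FLOWS))
```

Running the same check against the real ACL entries and NAT pools before applying the route-map shows which subnets would need their translation moved to the other ISP's address block.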

Thank you very much for your time. I will work on it and update this post later. Good weekend, sir.
