07-01-2009 08:04 AM - edited 03-06-2019 06:32 AM
Hello,
Recently we have changed over to BGP for our SINGLE PROVIDER we currently have.
The configuration looks like this:
router bgp AS_NUMBER
 no synchronization
 bgp router-id ROUTER_ID_IP
 bgp log-neighbor-changes
 network XXX.XXX.XXX.XXX (1) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (2) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (3) mask 255.255.252.0
 network XXX.XXX.XXX.XXX (4) mask 255.255.252.0
 neighbor NEIGHBOR_IP remote-as REMOTE_AS
 neighbor NEIGHBOR_IP password BGP_PASS
 neighbor NEIGHBOR_IP route-map filter-in in
 no auto-summary
!
ip prefix-list only-default seq 5 permit 0.0.0.0/0
!
route-map filter-in permit 10
 match ip address prefix-list only-default
!
-------------------------------
NOW, we are going to plug a NEW ISP and want to announce ONLY our NETWORK (4) above.
Meaning this ISP will only route that CLASS C. So they are announcing it on their end and I have to announce that I am routing this CLASS C on the new ISP in my device.
Can someone please provide EXACT configuration commands to put in my router in order to achieve this ??
As well, I told my new ISP to only route this Class C on their network. But what happens if I tell them to route ALL my IP's and I want ONLY this Class C to go through them, can this be achieved? or if they announce it then I cannot control incoming traffic since they are announcing it and therefore I can only control outgoing traffic ?? Can someone please detail this for me?
Waiting for an answer on both questions.
GREATLY appreciated
Thanks
09-17-2009 01:28 PM
Hello Elazar,
warning:
you say you would like to send a more specific prefix to cogent.
But your current BGP configuration contains a /22 network not an aggregate that creates a /22 prefix.
You need to have a meaningful route to the desired /24 subnet or the configuration suggested by Craig with a static to null0 even with AD 254 will act as a black hole for this traffic.
Craig:
this point has to be addressed.
How is the /22 prefix present in your router?
Hope to help
Giuseppe
09-17-2009 01:39 PM
I definitely made some assumptions on his internal configurations, I assumed the /22's were already being advertised by a null route, and I assume he segmented the /24 to a subinterface of some sort, and does not have a giant /22 present without any subnetting.
If he is not subnetting the /22, he will most definitely black hole that class C.
The complete configuration and topology needs to be present to make proper design decisions.
Craig
09-17-2009 03:28 PM
Internally, yes each /22 is separated into /24.
I already have a null route for the /22 in place, actually I have them for all my /22.
So yes they are internally connected to vlans as /24 ...
So 2 questions.
1.Can I go ahead with his config ??
2. How come above I have a suggestion config with all those ip prefix-list .... and in your new config there is none of that? How can they be so different ?
Thank You
09-17-2009 04:07 PM
Hello,
Also, what do I have to be careful about or fix in order not to have what is described here:
"Depending on how your internal network is setup you could have some asymmetric routing occurring, so the traffic will exit out MTO and come back in through COGENT or vice versa, since I don't know the rest of your network topology and configuration I can't really help much there. By default BGP will only use one of the links."
Thanks
09-17-2009 05:01 PM
Again, that depends on your network topology, are there 2 routers or 1? Do you want redundancy? Do you want partial redundancy, or if either link fails it should be redundant for all networks? Is your ISP aware that you are advertising these networks out? If not they will likely filter whatever you advertise. Is there a community you can send your ISP to make a route less preferred on the internet? If you begin to make your links fully redundant, you will run into the case where one ISP is definitely "stronger" than the other, and sometimes AS prepending isn't enough.
There are a lot of things that I consider when designing a network, and even more so when designing an interface with a network that I don't control (like an ISP).
Can you create a network diagram of your network? And also post the complete configuration of your external routers?
Also, one person recommended to use prefix lists, I recommended to use a route-map, they will accomplish the exact same thing, there are certain circumstances where a prefix list can make configuration easier, but an ACL and route map can accomplish anything a prefix list can.
Craig
09-17-2009 11:05 PM
So I put in the configuration and everything crashed in the middle of putting in the configurations.
The neighbor IP was not correct as it was referring to the .6 IP but that is my own configured IP so the neighbor should be .5 but even with putting .5 everything crashed.
Is there any way I can get ONE on ONE help outside of this public forum from one of you professionals?
Please let me know, you can email me at lazouche@gmail.com
Thank You
09-21-2009 06:25 AM
anything on this please??
09-21-2009 06:54 AM
Create an ACL allowing your four /24s and deny everything else...
ip access-list extended my_routes
 permit ip 2.2.2.0 0.0.0.255 any
 permit ip 2.2.3.0 0.0.0.255 any
 permit ip 2.2.4.0 0.0.0.255 any
 permit ip 2.2.5.0 0.0.0.255 any
 deny ip any any
and apply distribute-list to that new ISP BGP peer.
neighbor 1.1.1.1 distribute-list my_routes out
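Added example, not part of the original post: a small Python model of how an ACL entry of the form `permit ip <net> <wildcard> any` behaves as a BGP distribute-list, compared with an exact-match prefix-list, to check which routes an outbound filter would let through to the ISP. The prefix-list entries, the candidate routes and all function names are constructed for illustration.

```python
import ipaddress

# ACL entries from the post as (network, wildcard): "permit ip <net> <wildcard> any"
ACL_MY_ROUTES = [("2.2.2.0", "0.0.0.255"), ("2.2.3.0", "0.0.0.255"),
                 ("2.2.4.0", "0.0.0.255"), ("2.2.5.0", "0.0.0.255")]

# Assumed alternative: "ip prefix-list my_routes permit <net>/24" with no ge/le
PREFIX_LIST = ["2.2.2.0/24", "2.2.3.0/24", "2.2.4.0/24", "2.2.5.0/24"]


def acl_permits(route, acl=ACL_MY_ROUTES):
    """Extended ACL used as a BGP distribute-list: the source field is compared
    with the route's network address; 'any' as destination accepts every mask."""
    net = int(ipaddress.ip_network(route).network_address)
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False  # "deny ip any any"


def prefix_list_permits(route, plist=PREFIX_LIST):
    """Prefix-list entry without ge/le: network and prefix length must both match."""
    return ipaddress.ip_network(route) in {ipaddress.ip_network(p) for p in plist}


def audit(candidates):
    """Routes the ACL would advertise that the exact-match prefix-list would not."""
    return [r for r in candidates if acl_permits(r) and not prefix_list_permits(r)]


# Constructed sample of routes that could be eligible for advertisement.
CANDIDATES = ["2.2.2.0/24", "2.2.5.0/24", "2.2.2.128/25", "2.2.4.64/26",
              "2.2.4.0/22", "2.2.6.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    for r in CANDIDATES:
        print(f"{r:14} acl={acl_permits(r)!s:5} prefix-list={prefix_list_permits(r)}")
    print("permitted by ACL only:", audit(CANDIDATES))
```

Routes reported by `audit` are ones an upstream with a strict per-prefix filter or a low maximum-prefix limit would not expect to receive.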
09-21-2009 07:00 AM
They could apply a filter to only learn the /24 you told them to redistribute or they may rely on you to properly advertise your routes. They could also potentially only accept a certain number of routes. For example, if you told them 4 routes, they might give you a little head room and drop peering if you go over it 10 or something. You have to ask them, ISP, what kind of policy they have in place.
09-21-2009 12:10 PM
Ok so finally we got it to work as mentioned in the above configs, only thing remaining is that the router chooses COGENT as the default 0.0.0.0, I need all the traffic that is NOT from the XXX.75.188.0 /24 network to go out through MTO and that class C through cogent.
How do I accomplish this?
Thanks