Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

BGP config help

Hello,

I just turned up a DS3 this morming and need some help configuring BGP. The DS3 is replacing 3 T1's. I will be keeping one T1 for failover. The problem I am having is that right now almost all outbound traffic is going over the T1's I will be dropping and there is a lot of in bound traffic on the T1 I will be keeping for failover. Below is my config. The Savvis T1's will be dropped as will the Global Crossing. Only the Internap T1 will remain.

Thanks,

Mitchel

interface Serial1/0:0

description FRONTIER GLOBAL

ip address 206.165.194.218 255.255.255.252

ip access-group 21 in

ip route-cache flow

ip mroute-cache

!

interface Serial1/1:0

description Savvis link

no ip address

encapsulation frame-relay

ip route-cache flow

ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial1/1:0.16 point-to-point

description Savvis link

ip address 216.88.192.246 255.255.255.252

ip access-group 21 in

ip mroute-cache

frame-relay interface-dlci 16 IETF

!

interface Serial2/0:0

no ip address

encapsulation frame-relay IETF

ip route-cache flow

no fair-queue

frame-relay lmi-type ansi

!

interface Serial2/0:0.1 point-to-point

description Savvis Link 2

ip address 204.194.9.10 255.255.255.252

ip mroute-cache

frame-relay interface-dlci 210

!

interface Serial2/1:0

description Internap

ip address 63.251.175.178 255.255.255.252

ip route-cache flow

no ip route-cache cef

ip mroute-cache

!

interface ATM4/0

description ATM connection to SAVVIS

ip address 206.129.33.54 255.255.255.252

no ip route-cache cef

map-group ATM_MAP

atm scrambling cell-payload

atm framing cbitplcp

atm pvc 1 5 101 aal5snap 3000 3000 32

no atm ilmi-keepalive

!

interface FastEthernet5/0

no ip address

ip route-cache flow

ip ospf network non-broadcast

no keepalive

shutdown

half-duplex

!

router ospf 201

redistribute static subnets

network 64.240.108.0 0.0.0.255 area 0

network 64.240.109.0 0.0.0.255 area 0

network 199.217.73.0 0.0.0.255 area 0

network 206.129.32.0 0.0.0.255 area 0

network 207.138.224.0 0.0.0.255 area 0

network 207.138.233.0 0.0.0.255 area 0

network 207.149.12.0 0.0.0.255 area 0

network 209.102.32.0 0.0.0.255 area 0

network 209.102.33.0 0.0.0.255 area 0

neighbor 207.138.224.8 priority 1

!

router bgp 13853

no synchronization

bgp router-id 64.240.108.1

bgp cluster-id 3481985278

network 64.240.108.0 mask 255.255.255.0

network 64.240.109.0 mask 255.255.255.0

network 199.217.73.0

network 206.129.12.0

network 206.129.13.0

network 206.129.32.0

network 207.138.224.0

network 207.138.233.0

network 207.149.12.0

network 207.149.13.0

network 209.102.32.0

network 209.102.33.0

aggregate-address 64.240.108.0 255.255.255.0 summary-only

aggregate-address 64.240.109.0 255.255.255.0 summary-only

aggregate-address 199.217.73.0 255.255.255.0 summary-only

aggregate-address 206.129.12.0 255.255.255.0 summary-only

aggregate-address 206.129.13.0 255.255.255.0 summary-only

aggregate-address 206.129.32.0 255.255.255.0 summary-only

aggregate-address 207.138.224.0 255.255.255.0 summary-only

aggregate-address 207.138.233.0 255.255.255.0 summary-only

aggregate-address 207.149.12.0 255.255.255.0 summary-only

aggregate-address 207.149.13.0 255.255.255.0 summary-only

aggregate-address 209.102.32.0 255.255.255.0 summary-only

aggregate-address 209.102.33.0 255.255.255.0 summary-only

neighbor 63.251.175.177 remote-as 14744

neighbor 63.251.175.177 description Internap

neighbor 63.251.175.177 version 4

neighbor 63.251.175.177 route-map FROM-INTERNAP in

neighbor 63.251.175.177 route-map TO-INTERNAP out

neighbor 204.194.9.9 remote-as 6347

neighbor 204.194.9.9 description SAVVIS 2

neighbor 204.194.9.9 version 4

neighbor 204.194.9.9 route-map MAP2 out

neighbor 204.194.9.9 filter-list 4 in

neighbor 204.194.9.9 filter-list 1 out

neighbor 206.129.33.53 remote-as 6347

neighbor 206.129.33.53 description SAVVIS DS3

neighbor 206.129.33.53 version 4

neighbor 206.129.33.53 filter-list 4 in

neighbor 206.129.33.53 filter-list 1 out

neighbor 206.165.194.217 remote-as 3549

neighbor 206.165.194.217 description Globalex

neighbor 206.165.194.217 version 4

neighbor 206.165.194.217 route-map MAP1 out

neighbor 206.165.194.217 filter-list 3 in

neighbor 206.165.194.217 filter-list 1 out

neighbor 216.88.192.245 remote-as 6347

neighbor 216.88.192.245 description SAVVIS

neighbor 216.88.192.245 version 4

neighbor 216.88.192.245 route-map MAP2 out

neighbor 216.88.192.245 filter-list 4 in

neighbor 216.88.192.245 filter-list 1 out

!

ip classless

ip route 0.0.0.0 0.0.0.0 206.165.194.217

ip route 0.0.0.0 0.0.0.0 216.88.192.245

ip route 0.0.0.0 0.0.0.0 Serial2/0:0.1

ip route 0.0.0.0 0.0.0.0 Serial2/1:0

ip route 0.0.0.0 0.0.0.0 206.129.33.53 254

ip route 64.240.108.0 255.255.255.0 207.138.224.8

ip route 199.217.73.0 255.255.255.0 207.138.224.253

ip route 206.129.32.0 255.255.255.0 Null0 254

ip route 206.129.32.64 255.255.255.224 207.138.224.9

ip route 206.129.32.232 255.255.255.248 207.138.224.8

ip route 206.129.32.248 255.255.255.248 207.138.224.8

ip route 207.138.224.0 255.255.255.0 Null0 254

ip route 207.138.224.205 255.255.255.255 207.138.224.38

ip route 207.138.233.0 255.255.255.0 Null0 254

ip route 207.138.233.0 255.255.255.128 207.138.224.8

ip route 207.138.233.80 255.255.255.240 207.138.224.38

ip route 207.138.233.128 255.255.255.192 207.138.224.8

ip route 207.138.233.196 255.255.255.252 207.138.224.8

ip route 207.138.233.208 255.255.255.248 207.138.224.8

ip route 207.138.233.224 255.255.255.240 207.138.224.38

ip route 207.149.12.0 255.255.255.0 Null0 254

ip route 207.149.12.8 255.255.255.252 207.138.224.38

ip route 207.149.12.64 255.255.255.248 FastEthernet0/0

ip route 207.149.12.136 255.255.255.254 207.138.224.38

ip route 207.149.12.137 255.255.255.255 207.138.224.38

ip route 207.149.12.192 255.255.255.252 207.138.224.9

ip route 207.149.12.200 255.255.255.248 207.138.224.8

ip route 209.102.32.0 255.255.255.128 207.138.224.39

ip route 209.102.32.128 255.255.255.128 207.138.224.38

ip route 209.102.33.0 255.255.255.0 207.138.224.8

no ip http server

ip bgp-community new-format

ip community-list 10 permit 65010:400

ip community-list 19 permit 65010:70

ip as-path access-list 1 permit ^$

ip as-path access-list 1 deny .*

ip as-path access-list 2 deny ^6347 3549$

ip as-path access-list 2 deny ^6347_[0-9]*_3549_[0-9]*$

ip as-path access-list 2 permit ^6347_[0-9]*$

ip as-path access-list 2 permit ^6347_[0-9]*_[0-9]*$

ip as-path access-list 3 permit ^3549$

ip as-path access-list 4 permit ^6347$

ip as-path access-list 50 permit _209_

ip as-path access-list 51 permit ^14744_3561

ip as-path access-list 111 permit ^3549.*2554.*$ !PSI group A=2554 Globalex=3549

ip as-path access-list 111 permit ^3549.*6347.*$ !SAVVIS=6347

ip as-path access-list 112 permit ^6347.*$ !SAVVIS=6347

!

!

map-list ATM_MAP

ip 206.129.33.53 atm-vc 1 broadcast

access-list 100 permit ip host 64.240.108.0 host 255.255.255.0

access-list 100 permit ip host 64.240.109.0 host 255.255.255.0

access-list 100 permit ip host 199.217.73.0 host 255.255.255.0

access-list 100 permit ip host 206.129.32.0 host 255.255.255.0

access-list 100 permit ip host 207.138.224.0 host 255.255.255.0

access-list 100 permit ip host 207.138.233.0 host 255.255.255.0

access-list 100 permit ip host 207.149.12.0 host 255.255.255.0

access-list 100 permit ip host 209.102.33.0 host 255.255.255.0

access-list 100 permit ip host 209.102.32.0 host 255.255.255.0

access-list 150 permit ip 207.138.224.0 0.0.0.255 any

access-list 150 permit ip 64.240.108.0 0.0.0.255 any

access-list 150 permit ip 64.240.109.0 0.0.0.255 any

access-list 150 permit ip 199.217.73.0 0.0.0.255 any

access-list 150 permit ip 206.129.32.0 0.0.0.255 any

access-list 150 permit ip 207.138.233.0 0.0.0.255 any

access-list 150 permit ip 207.149.12.0 0.0.0.255 any

access-list 150 permit ip 209.102.32.0 0.0.0.255 any

access-list 150 permit ip 209.102.33.0 0.0.0.255 any

access-list 198 permit ip host 207.138.233.0 host 255.255.255.0

access-list 198 permit ip host 207.149.12.0 host 255.255.255.0

access-list 198 permit ip host 209.102.32.0 host 255.255.255.0

access-list 199 permit ip host 64.240.108.0 host 255.255.255.0

access-list 199 permit ip host 64.240.109.0 host 255.255.255.0

access-list 199 permit ip host 199.217.73.0 host 255.255.255.0

access-list 199 permit ip host 206.129.32.0 host 255.255.255.0

access-list 199 permit ip host 207.138.224.0 host 255.255.255.0

access-list 199 permit ip host 209.102.33.0 host 255.255.255.0

route-map SAVVIS permit 10

match as-path 112

set local-preference 100

!

route-map PREFERGLBL permit 10

match as-path 2

set local-preference 150

!

route-map PREFERGLBL permit 20

!

route-map FROM-INTERNAP permit 10

match community 10

set local-preference 400

set community none

!

route-map FROM-INTERNAP permit 20

match as-path 50

set local-preference 160

set community none

!

route-map TO-INTERNAP permit 10

match ip address 100

set as-path prepend 13853 13853 13853 13853 13853 13853 13853 13853 13853 13853

!

route-map TO-INTERNAP permit 20

!

route-map Globalex permit 10

match as-path 111

set local-preference 80

!

route-map MAP1 permit 10

match ip address 199

set as-path prepend 13853 13853

!

route-map MAP1 permit 20

!

route-map MAP3 permit 10

match ip address 110

set as-path prepend 13853 13853 13853

4 REPLIES
Silver

Re: BGP config help

Mitchel,

You're traffic leaving out the T1's looks to be due to your statics to default pointing at the T1 next-hops and only one (4th one) points out the Internap exit point.

ip route 0.0.0.0 0.0.0.0 206.165.194.217

ip route 0.0.0.0 0.0.0.0 216.88.192.245

ip route 0.0.0.0 0.0.0.0 Serial2/0:0.1

ip route 0.0.0.0 0.0.0.0 Serial2/1:0

ip route 0.0.0.0 0.0.0.0 206.129.33.53 254

You're traffic coming back may be coming back over the T1's due to your route-map TO-INTERNAP. It is only matching traffic in ACL 100 but if this is most of your address space then prepending that many PATHS to your AS path will keep most all traffic from entering this link destined to the address space defined in ACL 100.

I only briefly went over your configs so I might have missed something but I hope this helps,

Don

New Member

Re: BGP config help

Thanks Don, I will try removing the statics not needed. Also the ACL 100 is all of my address space. and I am prepending it 10 times. I just got of the phone with Internap and they do some funky stuff to preferances that could overide prepends. I wish I new more about BGP and could clean up the mess I have have inherited. Anyway I'll keep at it. Can you or anyone point to a referance on regular expressions, like this, ip as-path access-list 1 permit ^$.

thanks againg,

Mitchel

Silver

Re: BGP config help

Mitchel,

BGP takes shortest AS path as first choice of route so your prepended routes with +10 AS path will look very bad as a routing decision. I wuold recommend you remove this and you might find your traffic comes back through the DS3 as you want. I would surely consult with your ISP though for sure.

Here is a link on regular expressions.

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800ca655.html

Hope that helps,

Don

New Member

Re: BGP config help

Don, the route with the prepends is the one I don't want traffic to use. So I would think removing it would only make the situation worse. I removed the static routes but that had the effect of sending the traffic out over the Internap circuit, not the DS3. I am hoping to get some suggestions from Internap.

Thanks,

Mitchel

193
Views
0
Helpful
4
Replies
CreatePlease to create content