Re: BGP Multihoming

royalblues · ‎07-13-2006

Hi

I would like to do a BGP multihoming with our service providers for our internet connection

and will to advertise the following networks 213.13.222.0/27 and 213.13.222.32/27 to both ISP

I want to distribute my traffic to both the ISP without getting the entire routing table from the ISPs

The internet browsing traffic needs to be forwarded to ISP B and the other static NAts to be forwarded to ISPA with each ISP acting as fallback to each other. THis will be achieved by policy routing wherein the browsing traffic will natted from the range 213.13.222.0/27 and the others will be natted from the range 213.13.222.32/27.

Now heres what i feel i would have problem

Can i have specific attributes applied to only a set of routes advertised to one BGP neighbor. Heres the config i plan

Router bgp 31380

Network 213.13.222.0 mask 255.255.255.227

Network 213.13.222.32 mask 255.255.255.227

Neighbor 111.111.111.111 remote-as 200

Neighbor 111.111.111.111 route-map ISPA-local-routes out

Neighbor 111.111.111.111 route-map Acceptroutes in

Neighbor 123.123.123.123 remote-as 300

Neighbor 123.123.123.123 route-map ISPB-local-routes out

Neighbor 123.123.123.123 prefix-list Acceptroutes in

access-list 1 permit 213.13.222.32 0.0.0.31

access-list 2 permit 213.13.222.0 0.0.0.31

access-list 3 permit 0.0.0.0

ip prefix-list? Acceptroutes seq 5 permit 0.0.0.0/0

Route-map ISPA-local-routes permit 10

Match ip address 1

Set as-path prepend 31380 31380 31380 31380 31380

Route-map ISPA-local-routes permit 20

Match ip address 2

Route-map ISPB-local-routes permit 10

Match ip address 2

Set as-path prepend 31380 31380 31380 31380 31380

Route-map ISPB-local-routes permit 20

Match ip address 1

Set as-path prepend 31380 31380 31380 31380 31380

route-map browsing-traffic permit 10

match ip address 1

set ip next-hop 111.111.111.111

interface fastethernet 0/1

ip address 159.145.145.1

ip policy route-map browsing-traffic

Will the above config work for my scenario. Also i need to know whether the return trafiic for browsing will be from ISPB and not from ISPA

Thanks in Advance

Narayan

leonvd79 · ‎07-14-2006

Hello Narayan,

I assume you did not talk to your service provider(s) before designing a multihoming scenario.

In my opinion no service provider would peer with your AS. I don't think RIPE sees the need to assign an ASN for stub networks.

As for your CIDR block, it's probably NOT portable. The secondary service provider cannot accept long matching routes (27 bits). As it would need to adverstise it separately to the Internet.

Most service providers filter prefixes that have a length greater than 24 bits.

I recommend you talk with your service provider to see what is possible for your organization. You got the concepts down right, however they don't work for small networks.

HTH

--Leon

* Please rate posts.

royalblues · ‎07-14-2006

Thanks Leon for the inforamtion.

I did speak to my Service providers but never told them the subnet iam going advertise.

I have been given only a /24 address from the APNIC and i need to use the subnet for 8 locations. that is why i used VLSM which resulted in /27 ip address.

What i would like to know is if my service does accept these routes, is the configuration correct or wrong.

Narayan

gwhuang5398 · ‎07-14-2006

Narayan:

A few issues:

1. Route-map ISPB-local-routes permit 10

Match ip address 2

Set as-path prepend 31380 31380 31380 31380 31380

Route-map ISPB-local-routes permit 20

Match ip address 1

Set as-path prepend 31380 31380 31380 31380 31380

I'm guessing you wanted to do:

Route-map ISPB-local-routes permit 20

Match ip address 1

2. route-map Acceptroutes needs to use access-list 3 or ip prefix-list Acceptroutes to have the default route in:

route-map Acceptroutes permit 10

match ip address 3 or Acceptroutes

3. route-map browsing-traffic permit 10

match ip address 1

set ip next-hop 111.111.111.111

interface fastethernet 0/1

ip address 159.145.145.1

ip policy route-map browsing-traffic

I guess FE0/1 is your inside interface. With your config, route-map browsing-traffic will be applied before natting. So the address to match is not your natted address but the private addresses before they are natted.

I think a better way to achieve what you want is to use nat pool and dynamic natting with route-map, which would be configured that if your traffic outbound is HTTP and/or HTTPS for web browsing, nat it to one /27 and set the next hop to the ISP desired, for everything else outbound, send it to the other ISP as next hop.

4. This should be just part of your config. Make sure other config is in sync with this part.

Let me know what you think.

Gary

royalblues · ‎07-14-2006

Thanks Gary,

THere were a few typo errors on the config.

1. NEtwork statements were having .227 mask instead of 224

2. THe route-map as you have mentioned and

3. I forgot to paste the routemap Acceptroutes config

THe natting is not a problem as i will be natting the private address in the firewall to one of the address in the 213.13.222.32/27. So if my router receives any packet in the above range, it will forward it to ISPB and other static NATs will be natted in the range 213.13.222.0/27. Since there is no policy routing for this subnet it should take the default route out ISPA.

I just want to know after advertising the routes in the above way, my return traffic for the static NATs should be from ISPA and for the browsing traffic from ISPB

Narayan