07-13-2006 11:35 PM - edited 03-03-2019 04:03 AM
Hi
I would like to do BGP multihoming with our service providers for our internet connection
and want to advertise the following networks, 213.13.222.0/27 and 213.13.222.32/27, to both ISPs.
I want to distribute my traffic to both ISPs without getting the entire routing table from the ISPs.
The internet browsing traffic needs to be forwarded to ISP B and the other static NATs to be forwarded to ISPA, with each ISP acting as fallback for the other. This will be achieved by policy routing wherein the browsing traffic will be natted from the range 213.13.222.0/27 and the others will be natted from the range 213.13.222.32/27.
Now here's where I feel I would have a problem:
Can I have specific attributes applied to only a set of routes advertised to one BGP neighbor? Here's the config I plan:
Router bgp 31380
Network 213.13.222.0 mask 255.255.255.227
Network 213.13.222.32 mask 255.255.255.227
Neighbor 111.111.111.111 remote-as 200
Neighbor 111.111.111.111 route-map ISPA-local-routes out
Neighbor 111.111.111.111 route-map Acceptroutes in
Neighbor 123.123.123.123 remote-as 300
Neighbor 123.123.123.123 route-map ISPB-local-routes out
Neighbor 123.123.123.123 prefix-list Acceptroutes in
access-list 1 permit 213.13.222.32 0.0.0.31
access-list 2 permit 213.13.222.0 0.0.0.31
access-list 3 permit 0.0.0.0
ip prefix-list Acceptroutes seq 5 permit 0.0.0.0/0
Route-map ISPA-local-routes permit 10
Match ip address 1
Set as-path prepend 31380 31380 31380 31380 31380
Route-map ISPA-local-routes permit 20
Match ip address 2
Route-map ISPB-local-routes permit 10
Match ip address 2
Set as-path prepend 31380 31380 31380 31380 31380
Route-map ISPB-local-routes permit 20
Match ip address 1
Set as-path prepend 31380 31380 31380 31380 31380
route-map browsing-traffic permit 10
match ip address 1
set ip next-hop 111.111.111.111
interface fastethernet 0/1
ip address 159.145.145.1
ip policy route-map browsing-traffic
Will the above config work for my scenario? Also, I need to know whether the return traffic for browsing will be from ISPB and not from ISPA.
Thanks in Advance
Narayan
07-14-2006 05:04 AM
Hello Narayan,
I assume you did not talk to your service provider(s) before designing a multihoming scenario.
In my opinion no service provider would peer with your AS. I don't think RIPE sees the need to assign an ASN for stub networks.
As for your CIDR block, it's probably NOT portable. The secondary service provider cannot accept long matching routes (27 bits), as it would need to advertise it separately to the Internet.
Most service providers filter prefixes that have a length greater than 24 bits.
I recommend you talk with your service provider to see what is possible for your organization. You got the concepts down right, however they don't work for small networks.
HTH
--Leon
* Please rate posts.
07-14-2006 06:20 AM
Thanks Leon for the information.
I did speak to my service providers but never told them the subnet I am going to advertise.
I have been given only a /24 address from APNIC and I need to use the subnet for 8 locations. That is why I used VLSM, which resulted in /27 IP addresses.
What I would like to know is, if my service does accept these routes, is the configuration correct or wrong?
Narayan
07-14-2006 12:53 PM
Narayan:
A few issues:
1. Route-map ISPB-local-routes permit 10
Match ip address 2
Set as-path prepend 31380 31380 31380 31380 31380
Route-map ISPB-local-routes permit 20
Match ip address 1
Set as-path prepend 31380 31380 31380 31380 31380
I'm guessing you wanted to do:
Route-map ISPB-local-routes permit 20
Match ip address 1
2. route-map Acceptroutes needs to use access-list 3 or ip prefix-list Acceptroutes to have the default route in:
route-map Acceptroutes permit 10
match ip address 3 or Acceptroutes
3. route-map browsing-traffic permit 10
match ip address 1
set ip next-hop 111.111.111.111
interface fastethernet 0/1
ip address 159.145.145.1
ip policy route-map browsing-traffic
I guess FE0/1 is your inside interface. With your config, route-map browsing-traffic will be applied before natting. So the address to match is not your natted address but the private addresses before they are natted.
I think a better way to achieve what you want is to use nat pool and dynamic natting with route-map, which would be configured that if your traffic outbound is HTTP and/or HTTPS for web browsing, nat it to one /27 and set the next hop to the ISP desired, for everything else outbound, send it to the other ISP as next hop.
4. This should be just part of your config. Make sure other config is in sync with this part.
Let me know what you think.
Gary
07-14-2006 08:35 PM
Thanks Gary,
There were a few typos in the config.
1. The network statements had a .227 mask instead of 224
2. The route-map, as you have mentioned, and
3. I forgot to paste the route-map Acceptroutes config
The natting is not a problem as I will be natting the private addresses in the firewall to one of the addresses in 213.13.222.32/27. So if my router receives any packet in the above range, it will forward it to ISPB, and the other static NATs will be natted in the range 213.13.222.0/27. Since there is no policy routing for this subnet, it should take the default route out ISPA.
I just want to know, after advertising the routes in the above way, my return traffic for the static NATs should be from ISPA and for the browsing traffic from ISPB
Narayan
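The effect of the prepends on return traffic, as an added example that is not part of the original thread: it walks the outbound route-maps as first posted and with Gary's corrected clause 20, and reports which ISP offers the shorter AS path for each /27. It assumes remote networks choose on AS-path length alone and that both ISPs accept the /27s (ISP local-preference and prefix-length filters are not modelled); the function and table names are hypothetical.

```python
import ipaddress

LOCAL_AS = 31380
PREPEND = [LOCAL_AS] * 5      # "set as-path prepend 31380 31380 31380 31380 31380"

# Standard ACLs from the thread: ACL number -> range of network addresses matched.
ACLS = {1: "213.13.222.32/27", 2: "213.13.222.0/27"}

# Outbound route-maps as (acl, prepend?) clauses in sequence order.
ORIGINAL = {
    "ISPA": [(1, True), (2, False)],
    "ISPB": [(2, True), (1, True)],    # clause 20 as first posted
}
CORRECTED = {
    "ISPA": [(1, True), (2, False)],
    "ISPB": [(2, True), (1, False)],   # clause 20 as Gary suggested
}

def advertised_path(clauses, prefix):
    """AS path the neighbor receives for prefix, or None if it is filtered."""
    net = ipaddress.ip_network(prefix)
    for acl, prepend in clauses:       # first matching clause wins
        if net.network_address in ipaddress.ip_network(ACLS[acl]):
            # eBGP always adds the local AS once; the prepend comes on top.
            return (PREPEND if prepend else []) + [LOCAL_AS]
    return None                        # implicit deny at the end of a route-map

def preferred_entry(route_maps, prefix):
    """ISPs offering the shortest AS path for prefix (a tie lists both)."""
    paths = {}
    for isp, clauses in route_maps.items():
        path = advertised_path(clauses, prefix)
        if path is not None:
            paths[isp] = path
    if not paths:
        return []
    best = min(len(p) for p in paths.values())
    return sorted(isp for isp, p in paths.items() if len(p) == best)

if __name__ == "__main__":
    for label, maps in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for prefix in ACLS.values():
            print(label, prefix, "->", preferred_entry(maps, prefix))
```

With the route-maps as first posted, 213.13.222.32/27 is prepended toward both ISPs, so neither path is shorter for it; with the corrected clause each /27 has a distinct shorter path while the other ISP still carries the prepended route as fallback.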