Can I Manage Out-Bound Internet Traffic Using BGP?

We have a Cisco 7507, with IOS version 12.2(8)T5, running BGP with (2) DS3's and (1) OC3 port going to AT&T for our Internet. I have been able to manage the inbound traffic OK, but my out-bound traffic is equal between all (3) circuits. I am looking for a solution using BGP to be able to manage the out-bound as well. The DS3's out-bound traffic is maxed out on most days and I am not utilizing my bandwidth for the OC3 correctly.


Re: Can I Manage Out-Bound Internet Traffic Using BGP?

You need to talk to your upstream providers.

You need to setup eBGPs with them. I assume you did this.

For outgoing announcements of your prefixes [your incoming traffic]

you probably control them with route-maps/prepends etc.

For the inbound announcements [the prefixes you learn from your

upstream] you control them the same way.

Say the upstream 1 has uunet connectivity. You accept his view of the

inet as applying to its BGP session to pass only _701_ paths.

To the other BGP peer of the other provider you apply to reject _701_ routes.

This way almost say 50% of the outbound traffic will flow to the link that

accepted the routes through _701_ and the other half of your outbound

traffic will flow through the link that has rejected all the prefixes that have _702_ in it.

This is the most simple way of doing it. The basic idea is to devide the prefixes on two big pools. The one that has some AS in its paths and the one that hasn't this AS in its paths.

This is when you buy upstream from many providers. But what happens when you buy from one upstream? Well, there should be already some sort of balancing. If the circuits are equally in terms of bandwidth, then you should use bgp multipath option. Just go to the BGP techincal tips page and lookin there for load balancing over equal cost circuits.



Re: Can I Manage Out-Bound Internet Traffic Using BGP?

We are only receiving the a default route Serial1/0/0 for example on all 3 interfaces. We are also using only 1 provider for all 3 circuits. If I am understanding your reply your possible solution will not work in our case. If you have any other ideas I would appreciate them.


Steve Radakovich

Re: Can I Manage Out-Bound Internet Traffic Using BGP?

You have 2 options, in my opinion:

1) To create 2 different BGP sessions. The one with next-hop staticaly routed over the DS3.

The other with next-hop staticaly routed over the OC3

Then you establish 2 BGP sessions and over the one that is on the DS3,

you deny through as-path access-list all the paths that have _701_, _702_,

_703_, _704_ to come in to your router through this BGP.

Over the OC3's bgp you ONLY accept the routes that have as-path of the


The idea is that you point out the outbound traffic to destinations different than

UUnet's directly connected ASes, through the DS3, and all that are directly connected to UUnet, to OC3.

The other option ....

Re: Can I Manage Out-Bound Internet Traffic Using BGP?

The thing is, that for the option one you need to:

1) To strart getting the whole BGP table [you need more than 128MB


You have one more option, I'll quickly explain it here, but beware that

this is harder to create it, and it is likely that your upstream may refuse doing

it, but still you may try it, as this upstream you paying him, so he should be supportive.

So the second option:

1) You setup 3 EIGRP sessions with your upstream, on which you only accept 1 and the same IP address, /32 of your BGP neighbor.

2) You create one single BGP session over which you accept all the

routes from the internet with this one and the same IP address given to

you over the EIGRP with you upstream.

3) You set the EIGRP parameter called variance, then for every destination

your BGP will select only one next-hop, because you have only one BGP.

BUT the EIGRP will select the 3 different paths to deliver the traffic to this


4) So, you basically you do load balancing on unequal cost paths over the EIGRP. You can easily check this out as you do trace on the BGP peer target from your router, it should be seeing the 3 different IPs of your different circuits.

5) For all of the above you need to talk with your UPstream, if he is willing to do it.



P.S. Here is how load balancing over unequal cost paths works in EIGRP.

Beware that the EIGRP will be looking at the badnwidth parameter of your interfaces, and dynamically will be controlling where to send the packet based on the load of your interfaces. You need to use ip cef, and load balancing per packet, not per destination, as the latter will make some of your interfaces overload, and others to be empty. Here is a link of how

the unequal load balancing works:

Here is general IP routing tips link:

[Go to the BGP to see how you can do, and you are actually doing now

the load balancing over parallel links over the BGP]

Re: Can I Manage Out-Bound Internet Traffic Using BGP?

If U are using different Subnets/Networks to access internet, then U can use policy routing to set ur default interface for ur outbound traffic.

Ex: Two networks : and

route-map name 10

match ip address 10

set default interface s0/0

route-map name 10

match ip address 20

set default-interface s0/1

access- list 10 permit

access-list 20 permit

Hope it helps....


Re: Can I Manage Out-Bound Internet Traffic Using BGP?

The normal mechanism for controlling outbound traffic over equal cost BGP routes is the multiple exit discriminator in BGP. This allows you to apply a weight to the incoming default routes when the enter your AS. See Halabi's "Internet Routing Architectures" for all the gory details or search for "hot potato routing and how to cure it" :-)

Note that this approach will probably leave you with ALL traffic outbound using the OC3.

Good luck and have fun!

Vincent C Jones

