Policy routing in BGP

Danilo Dy
VIP Alumni

Scenario:

ISP1(AS1)
|
|
|
MYNETWORK(AS4)>>>>>>ISP2(AS2)
|
|
|
ISP3(AS3)

I have two routers: R1 is connected to ISP1 and ISP2, R2 is connected to ISP3. I advertise 192.168.0.0/16 and 172.16.0.0/12 to ISP1 and ISP2, but I only advertise 192.168.0.0/16 to ISP3 (for political reasons).

What I intend to do:

To configure equal local-preference to all ISPs or higher local-preference to ISP3.

Problem:

When I do that, network 172.16.0.0/12 will exit via ISP3 but it will be dropped because I only advertise 192.168.0.0/16 to ISP3.

Someone told me that policy routing will solve my problem. Can anybody give me a sample of how to do it from the information given above? I tried to configure it but it doesn't work.

6 Replies

rjackson
Level 5

What does this mean? It sounds like a contradiction:

"What I intend to do:

To configure equal local-preference to all ISPs or higher local-preference to ISP3."

Even if traffic from 172.16.0.0 goes out ISP3 it should still work. The responses should come back through ISP1.

As I said, 172.16.0.0/12 is not advertised to ISP3, but if the destination is nearer via ISP3, a host from 172.16.0.0/12 will choose that path and will be dropped because of filtering in the interface and BGP.

In your AS, and as you want your route policy, you need to configure Weight on your two routers.

As you know, in BGP you choose the best path by using the BGP attributes, so configure BGP if you know everything about BGP.

As you talk about Local-Preference, its effect is on your AS, and that means when you configure it on Router2 in your AS, which connects to ISP3, the best path for BGP is Router2, as you tell your router.

But the Weight attribute's effect is on a router, not on the AS, so you can forward your traffic from other routers by configuring that command.

Nope, we don't use weight because weight is local to the router only. As you know, we have two routers with iBGP; if weight is used, it will not propagate to the second router.

You didn't say you were filtering packets, just routes.

A simple policy would check the source address of DATA packets and force the next hop to R1's address. Create an access list that catches all traffic from the network not supposed to use ISP3. Be careful if there are more routers in between R1 and R2, or if R2 also does any interior routing for 172.16.0.0. If it doesn't, try an access list route-map like this. Syntax may not be perfect but it's close; check it out with ? or documentation.

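! Match every packet sourced from 172.16.0.0/12 (wildcard mask 0.15.255.255)
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
!
route-map set-next-hop permit 10
 match ip address 101
 ! x.x.x.x is R1's address
 set ip next-hop x.x.x.x
! Packets that did not match ACL 101 are routed normally
route-map set-next-hop permit 20
!
interface FastEthernet x/x
 description inside iface on r2
 ip policy route-map set-next-hop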

If R2 also does interior routing for 172.16.0.0 then add some denies to the front of the access list so interior-bound packets won't get the next hop forced.
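The policy in the answer above, modelled in Python so the ACL and route-map logic can be checked against sample flows before it is applied on R2. This is an added example, not part of the original thread; the two deny entries, the choice of interior prefixes, the "R1" label and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
SRC = ("172.16.0.0", "0.15.255.255")  # 172.16.0.0/12, as in access-list 101

# Ordered (action, src, src_wc, dst, dst_wc) entries. The denies come first,
# as the answer advises when R2 also routes interior traffic (assumption:
# "interior" means the two prefixes named in the question).
ACL_101 = [
    ("deny", *SRC, "192.168.0.0", "0.0.255.255"),
    ("deny", *SRC, "172.16.0.0", "0.15.255.255"),
    ("permit", *SRC, *ANY),
]

def acl_action(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def policy_route(src, dst, forced_next_hop="R1"):
    """route-map set-next-hop: sequence 10 forces the next hop for packets
    permitted by ACL 101; sequence 20 leaves the rest to the routing table."""
    if acl_action(ACL_101, src, dst) == "permit":
        return forced_next_hop
    return "routing-table"

# Constructed sample flows (source, destination).
SAMPLE_FLOWS = [
    ("172.20.1.5", "198.51.100.7"),      # 172.16/12 to the Internet
    ("172.31.255.255", "198.51.100.7"),  # last address inside the /12
    ("172.32.0.1", "198.51.100.7"),      # just outside the /12
    ("192.168.10.4", "198.51.100.7"),    # prefix that ISP3 does accept
    ("172.20.1.5", "192.168.3.3"),       # interior-bound, must not be forced
]

def evaluate(flows=SAMPLE_FLOWS):
    return {flow: policy_route(*flow) for flow in flows}

if __name__ == "__main__":
    for (src, dst), hop in evaluate().items():
        print(f"{src:>15} -> {dst:<15} {hop}")
```
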

Thanks.

I'll try and let you know the outcome. It seems to work as I look at it. I made a mistake - I'm barking up the wrong tree (trying to do it in BGP route-map filtering).
