BGP Attribute for outgoing Traffic

alshamlan
Level 1

Dear,

I have the attached diagram:

- There are two links between the routers.

- I have initiated a BGP session between them. For incoming traffic I use prepend and it worked fine.

Now, my objective is to use BGP to route network 10.8.8.0/29 on Link-1 and network 10.10.10.0/29 on Link-2 in normal operation. In case Link-1 is down, I want to route network 10.8.8.0/29 over the second link. In case Link-2 is down, network 10.10.10.0/29 should be routed over Link-1.

Which attribute should I use for this, and how can this be achieved to deal with the source IP?

Thanks.

MS

24 Replies

Thanks Harold,

The traffic is not flowing as required: we need 10.8.8.0/29 to have the next hop 192.168.1.1 and 10.10.10.0/29 to have the next hop 192.168.2.1. Any hint on this?

Once this traffic flow works, I will test the IP SLA.

Moreover, can we think about doing it from the other router, since networks 10.10.10.0/29 and 10.8.8.80/29 will be destinations for the second router?

Regards

Hi,

The initial configuration I provided should work. Can you please post the relevant configuration that you applied? As for load balancing in the incoming direction, this part can be addressed with BGP AS path prepending.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

See the configuration.

I have created two loopback interfaces and applied the route maps on them for my testing now, instead of having two physical interfaces.

interface Loopback0
 ip address 10.8.8.1 255.255.255.248
 ip policy route-map pbr1
!
interface Loopback1
 ip address 10.10.10.1 255.255.255.248
 ip policy route-map pbr2
route-map pbr1 permit 10
 set ip next-hop 192.168.1.1 192.168.2.1
 set ip next-hop verify-availability
!
route-map pbr2 permit 10
 set ip next-hop 192.168.2.1 192.168.1.1
 set ip next-hop verify-availability

==========================================

See the ip route

============

B*    0.0.0.0/0 [20/0] via 192.168.1.1, 2d18h
      10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

==========================================

See ip bgp

==============

ROUTER1841#sh ip bgp
BGP table version is 26, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.1.1                            0 77887 66556 i
*                   192.168.2.1                            0 77887 66556 i
*> 10.8.8.0/29      0.0.0.0                  0         32768 i
*> 10.10.10.0/29    0.0.0.0                  0         32768 i

Hi,

Applying the PBR route-map to the loopback interface will not work. To apply PBR to the traffic sourced from the router, you will need to use the command "ip local policy route-map" in global mode. Also, do not forget to remove "set ip next-hop verify-availability" or use IP SLA in conjunction with it. As previously mentioned, CDP will not work in your case since the routers are separated by a switch.

Regards

Harold Ritter

Hi Harold,

It is working for me now when I tested through the physical interfaces, not the loopbacks, and removed the (( ip next-hop verify-availability )). Moreover, I have tested the failover as well and it worked as we required without any IP SLA configuration, which surprised me. All I have changed is removing the (( ip next-hop verify-availability )) and keeping one next hop on pbr1, as you can see below. Can you please advise how the failover worked without any IP SLA? Is it because BGP for incoming traffic is working fine, which influences the outgoing traffic to work?

============================================

interface Ethernet0/0
 ip address 10.8.8.1 255.255.255.248
 ip policy route-map pbr1
!
interface Ethernet1/0
 ip address 10.10.10.1 255.255.255.248
 ip policy route-map pbr2
!
interface Ethernet2/0
 description Link1
 ip address 192.168.1.2 255.255.255.252
!
interface Ethernet3/0
 description Link2
 ip address 192.168.2.2 255.255.255.252
!
route-map pbr1 permit 10
 set ip next-hop 192.168.1.1
!
route-map pbr2 permit 10
 set ip next-hop 192.168.2.1 192.168.1.1

===============================================

Scenarios tested:

1- Both links UP
   subnet 1 going through link-1
   subnet 2 going through link-2

2- Link-1 DOWN
   subnet 1 going through link-2
   subnet 2 going through link-2
   The failover of subnet-1 to link-2 took approximately 3 minutes.

3- Link-2 DOWN
   subnet 1 going through link-1
   subnet 2 going through link-1
   The failover of subnet-2 to link-1 took approximately 3 minutes.

Hi,

The failover will work without IP SLA if you shut down the interface on the internal router. You need IP SLA if you want to test the entire path between the two routers. For instance, if the external router fails, the internal router will not know since it is connected to the switch and not directly to the internal router. That is where IP SLA can help.

Regards

Harold Ritter

Hi Harold,

Yes, you are right. Therefore, I have to implement the IP SLA. I will do so and share the result.

regards

Hi Harold,

Thanks for your guidance,

I have implemented the SLA and tested it; it is working fine now. The configuration is below.

interface FastEthernet0/0
 description uplink-for-Link-1
 ip address 192.168.1.2 255.255.255.252
!
interface FastEthernet0/1
 description uplink-for-Link-1
 ip address 192.168.2.2 255.255.255.252
interface FastEthernet0/1/0
 description Downlink-for-Link-1
 ip address 10.8.8.1 255.255.255.248
 ip policy route-map pbr1
!
interface FastEthernet0/1/1
 description Downlink-for-Link-2
 ip address 10.10.10.1 255.255.255.248
 ip policy route-map pbr2
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability

## SLA for Link-1 ##

ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.2
 threshold 15
 timeout 15000
 frequency 15
ip sla schedule 1 life forever start-time now

## SLA for Link-2 ##

ip sla 2
 icmp-echo 192.168.2.1 source-ip 192.168.2.2
 threshold 15
 timeout 15000
 frequency 15
ip sla schedule 2 life forever start-time now

## Route MAP for Link-1 ##

route-map pbr1 permit 10
 set ip next-hop verify-availability 192.168.2.1 1 track 2
 set ip next-hop 192.168.1.1

## Route MAP for Link-2 ##

route-map pbr2 permit 10
 set ip next-hop verify-availability 192.168.1.1 1 track 1
 set ip next-hop 192.168.2.1
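
The dependency this thread arrives at (a PBR next hop is only verified when it is tied to a track object backed by a scheduled IP SLA probe) can be checked mechanically before a change goes live. The script below is an added example, not part of any post and not Cisco tooling; the function name and finding texts are made up for illustration, and the two samples reuse lines posted above.

```python
import re

def audit_pbr_tracking(config):
    """Return findings about PBR next-hop tracking in an IOS-style config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    tracks, sla_defined, sla_scheduled = {}, set(), set()
    for ln in lines:  # pass 1: collect track objects and IP SLA probes
        if m := re.fullmatch(r"track (\d+) ip sla (\d+) reachability", ln):
            tracks[m[1]] = m[2]
        elif m := re.fullmatch(r"ip sla (\d+)", ln):
            sla_defined.add(m[1])
        elif m := re.match(r"ip sla schedule (\d+) ", ln):
            sla_scheduled.add(m[1])
    findings, rmap = [], None
    for ln in lines:  # pass 2: check each route-map's verify-availability lines
        if m := re.match(r"route-map (\S+) permit", ln):
            rmap = m[1]
        elif ln == "set ip next-hop verify-availability":
            findings.append(f"{rmap}: verify-availability without a track object")
        elif m := re.fullmatch(
                r"set ip next-hop verify-availability (\S+) \d+ track (\d+)", ln):
            sla = tracks.get(m[2])
            if sla is None:
                findings.append(f"{rmap}: next hop {m[1]} uses undefined track {m[2]}")
            elif sla not in sla_defined or sla not in sla_scheduled:
                findings.append(f"{rmap}: track {m[2]} needs ip sla {sla} defined and scheduled")
    return findings

# Samples reuse lines posted in the thread (probe sub-commands omitted).
FIRST_ATTEMPT = """
route-map pbr1 permit 10
 set ip next-hop 192.168.1.1 192.168.2.1
 set ip next-hop verify-availability
"""
FINAL = """
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip sla 1
ip sla schedule 1 life forever start-time now
ip sla 2
ip sla schedule 2 life forever start-time now
route-map pbr1 permit 10
 set ip next-hop verify-availability 192.168.2.1 1 track 2
 set ip next-hop 192.168.1.1
route-map pbr2 permit 10
 set ip next-hop verify-availability 192.168.1.1 1 track 1
 set ip next-hop 192.168.2.1
"""
if __name__ == "__main__":
    print(audit_pbr_tracking(FIRST_ATTEMPT), audit_pbr_tracking(FINAL))
```

The check only confirms that the tracking chain is wired up; it does not model the order in which the router evaluates the set clauses.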

Hi Alshamlan,

Can you please share with me how to manage incoming traffic with AS-path prepend?

Please share your configuration.

Thanks in advance,

Dear DC,

router bgp 65517
 bgp log-neighbor-changes
 network 10.8.8.0 mask 255.255.255.248
 network 10.10.10.0 mask 255.255.255.248
 neighbor 192.168.1.1 remote-as 65588
 neighbor 192.168.1.1 description ### MW-LINK ###
 neighbor 192.168.1.1 update-source FastEthernet0/0
 neighbor 192.168.1.1 soft-reconfiguration inbound
 neighbor 192.168.1.1 prefix-list BFC_IN in
 neighbor 192.168.1.1 prefix-list BFC_OUT out
 neighbor 192.168.1.1 route-map PEND_32_FB out
 neighbor 192.168.2.1 remote-as 65588
 neighbor 192.168.2.1 description ###-Fiber-Main-LINK ###
 neighbor 192.168.2.1 update-source FastEthernet0/1
 neighbor 192.168.2.1 soft-reconfiguration inbound
 neighbor 192.168.2.1 prefix-list BFC_IN in
 neighbor 192.168.2.1 prefix-list BFC_OUT out
 neighbor 192.168.2.1 route-map PEND_24_MW out
!
ip route 10.8.8.0 255.255.255.248 Null0
ip route 10.10.10.0 255.255.255.248 Null0
!
ip prefix-list 24_MW seq 6 permit 10.8.8.0/29
ip prefix-list 32_FB seq 7 permit 10.10.10.0/29
!
ip prefix-list BFC_OUT seq 6 permit 10.8.8.0/29
ip prefix-list BFC_OUT seq 7 permit 10.10.10.0/29
ip prefix-list BFC_IN seq 5 permit 0.0.0.0/0
!
route-map PEND_24_MW permit 10
 match ip address prefix-list 24_MW
 set as-path prepend 65517 65517 65517
!
route-map PEND_24_MW permit 11
!
route-map PEND_32_FB permit 12
 match ip address prefix-list 32_FB
 set as-path prepend 65517 65517 65517
!
route-map PEND_32_FB permit 13
