Accepting default-route via BGP

Hi Guys,

I would just like to ask what is the best condition when accepting default routes from the ISP. Currently, we asked our ISP to advertise 0.0.0.0 if they have google.com and yahoo.com routes. What the ISP did was they configured an as-path access-list that includes both yahoo and google AS. Do you think this is a good design? What is the best condition that you guys think?

-John

12 REPLIES

Re: Accepting default-route via BGP

Hi,

Accepting a default route from the SP has nothing to do with the as-path access-list, the as-path access-list is used to filter routes passing through or originated from certain ASs, and has nothing to do with the provider advertising a default route to you.

HTH,

Mohammed Mahmoud.

Re: Accepting default-route via BGP

The ISP used the as-path access-list as the condition for propagating the default-route. Here's the config.

    neighbor x.x.x.x default-originate route-map YAHOO_GOOGLE_CHECK
    ip as-path access-list 140 permit _15169_[0-9]*$
    ip as-path access-list 140 permit _10310_[0-9]*$
    ip as-path access-list 140 permit _36752_[0-9]*$
    route-map YAHOO_GOOGLE_CHECK permit 10
     match as-path 140

-John

Re: Accepting default-route via BGP

Hi,

Ok, I see that your provider is doing conditional default route advertisement, but I think that, as Martin has suggested, EOT (Enhanced Object Tracking) would be nice to use.

HTH,

Mohammed Mahmoud.

Cisco Employee

Re: Accepting default-route via BGP

Hi,

can you describe in more detail, what you would like to achieve?

I can imagine, enhanced object tracking may do what you want in an even better, more predictable way. It allows you to choose an internet connection, e.g. based on the reachability of a certain server. In your case you could ping yahoo.com and google.com and trigger rerouting based on availability.

There are some technical restrictions with EOT, but if it sounds like solving your problem, have a look at

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080774e79.html

Hope this helps!

Regards, Martin

Re: Accepting default-route via BGP

Hi Martin,

I saw this information from the link you gave me.

Tracking IP-Route Reachability

Perform this task to track the reachability of an IP route. A tracked object is considered up when a routing table entry exists for the route and the route is accessible.

It says that it will be considered as up when a routing table entry exists. How can we do this if we are only using default route?

Regards,

John

Silver

Re: Accepting default-route via BGP

Solution seems reasonable. The other possible conditioning method would be to track the routes of Google and Yahoo.

But since we are not aware of internal redundancy of google/yahoo, some of their networks might not be available but google and yahoo still can be available overall.

Hence AS_PATH is a good condition.

My only comment would be that this configuration enables advertising of default route even when only one of the Autonomous Systems is available.

Re: Accepting default-route via BGP

Yes, that is my concern, I think routes are better than using AS as the condition. One of our ISPs uses routes as the condition. Only this one uses AS Path. But even with these conditions in the configuration, it will still advertise default routes if one of them is available in the BGP table. Some of our client tools are internet based, sometimes, they become inaccessible in one ISP but accessible on the other. Humm.... Do you guys have other ideas?

-John

Re: Accepting default-route via BGP

Silver

Re: Accepting default-route via BGP

Ok, I have tested it for a good half of my day, even accidentally crashing some AT&T router on the way, because REGEXP expressions were too complex. "System returned to ROM by bus error at PC 0x60734DC0, address 0x8" it said...

So I gave up on the complex REGEXP. All 7206 routers crash with it, with any IOS I tried.

But what you can go with, that doesn't crash, is one of the following:

1. Create several ACLs (three in your case) and create a route-map with AND logic. All route-maps can use AND or OR logic on match commands. If a match command is followed by parameters in one line, OR logic is used. If match commands are on new lines, AND logic is used.

But I could not get that to work on my enterprise 12.3 IOS. Even when entering commands on new lines, after the show route-map command, all match statements were on the same line. Maybe another IOS will do.

2. The second option is to define an ACL for every AS PATH and use the BGP route-map continue function.

http://www.cisco.com/en/US/customer/products/ps6566/products_feature_guide09186a00801a7f7a.html

So you'd have:

    ip as-path access-list 140 permit _15169$
    ip as-path access-list 141 permit _10310$
    ip as-path access-list 142 permit _36752$
    route-map YAHOO_GOOGLE_CHECK permit 10
     match as-path 140
     continue 20
    route-map YAHOO_GOOGLE_CHECK deny 15
    route-map YAHOO_GOOGLE_CHECK permit 20
     match as-path 141
     continue 30
    route-map YAHOO_GOOGLE_CHECK deny 25
    route-map YAHOO_GOOGLE_CHECK permit 30
     match as-path 142

This way, all as_paths are checked in sequence. If at least one as-path ACL is not matched, it falls through to the next sequence and is instantly denied with the sequence ending in 5. If it is present, then it continues to the sequence ending in 0. So all of the AS_PATH have to be present.

Silver

Re: Accepting default-route via BGP

...But I guess none of the AS_path will successfully finish until the end, because route-map evaluates routes line by line.

So scratch the previous idea...
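
The behaviour discussed in this thread, as an added example that is not part of any post or of Cisco's documentation: a simplified Python model of per-route route-map evaluation, comparing the ISP's single as-path list with the continue chain posted above. The AS paths in the table, the transit ASNs 64500/64501 and all function names are constructed for illustration, and the continue handling follows the description in the post rather than a specific IOS release.

```python
import re

def ios_regex(pattern):
    # Cisco "_" matches start/end of string, space, comma, brace or parenthesis.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def acl(*permits):
    """as-path access-list: a path is permitted if ANY permit line matches."""
    compiled = [ios_regex(p) for p in permits]
    return lambda path: any(c.search(path) for c in compiled)

def route_map_permits(entries, path):
    """Evaluate ONE route; entries are (seq, action, match_or_None, continue_to)."""
    entries = sorted(entries, key=lambda e: e[0])
    i = 0
    while i < len(entries):
        _seq, action, match, cont = entries[i]
        if match is not None and not match(path):
            i += 1                      # no match: fall through to next sequence
        elif action == "deny":
            return False
        elif cont is None:
            return True
        else:                           # matched with "continue N": jump to N
            i = next((k for k, e in enumerate(entries) if e[0] >= cont), len(entries))
    return False                        # implicit deny at the end

def default_originated(entries, bgp_table):
    # The default is advertised if the route-map permits at least one route.
    return any(route_map_permits(entries, p) for p in bgp_table)

# ISP's config from the thread: one list, three permit lines (OR).
ISP_MAP = [(10, "permit",
            acl("_15169_[0-9]*$", "_10310_[0-9]*$", "_36752_[0-9]*$"), None)]
# The continue chain from the later post (intended AND).
CHAIN_MAP = [(10, "permit", acl("_15169$"), 20), (15, "deny", None, None),
             (20, "permit", acl("_10310$"), 30), (25, "deny", None, None),
             (30, "permit", acl("_36752$"), None)]

# Constructed AS paths; 64500/64501 are documentation ASNs standing in for transit.
FULL_TABLE = ["64500 15169", "64500 64501 10310", "64500 36752"]
ONLY_GOOGLE = ["64500 15169"]

if __name__ == "__main__":
    print("ISP map, full table:   ", default_originated(ISP_MAP, FULL_TABLE))
    print("ISP map, one AS only:  ", default_originated(ISP_MAP, ONLY_GOOGLE))
    print("chain map, full table: ", default_originated(CHAIN_MAP, FULL_TABLE))
```

In this model the ISP's list permits as soon as any one of the three ASes is present, while the continue chain never permits even with all three present, because each route is tested alone and no single AS path ends in all three ASes.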

Re: Accepting default-route via BGP

What do you mean that none of the AS_Path will successfully finish until the end?

I think your route-map is better than the one submitted to us by the ISP.

-John

Re: Accepting default-route via BGP

Hi Mohammed Mahmoud,

About your post, it seems that it will execute a preemption on the HSRP if the host does not reply to an ICMP. What about triggering a static route when the host does not respond? So it can route to another ISP if the host does not respond. I know BGP is the best way to implement regarding lost routes and trigger a reroute. However, how can we implement this without using BGP and by tracking the latency on one ISP?

-John
