04-12-2006 01:56 AM - edited 03-03-2019 12:23 PM
Dear Experts,
We have a problem about eBGP configuration.
Now my customer need config 2 physical circiut to our network.
The first circiut use for internet traffic, other circiut use for peering between IXPs in our country.
We think, we create 2 neighbour with the same customer's AS, and separate policies between 2 neighbour.
The example below:
neighbor 202.78.224.41 remote-as 24085
neighbor 202.78.224.41 ebgp-multihop 255
neighbor 202.78.224.41 version 4
neighbor 202.78.224.41 remove-private-AS
neighbor 202.78.224.41 route-map CUSTOMER_IN in
neighbor 202.78.224.41 route-map CUSTOMER-OUT out
neighbor 203.113.158.158 remote-as 24085
neighbor 203.113.158.158 version 4
neighbor 203.113.158.158 remove-private-AS
neighbor 203.113.158.158 route-map CUSTOMER-PEER-IN in
neighbor 203.113.158.158 route-map CUSTOMER-PEER-OUT in
Could you tell me this config can be done or not ??
Beacause i check in ietf, i see only draft about multisession BGP. I'm not sure about it and want to ask the Experts about this problem.
Thanks for your support!
04-16-2006 06:51 PM
Hi rtaulton ,
The first, i want to confirm that, we can config two neighbor with two physical circiuts in single router between 2 AS. It could be done or not?
With two neighbors, our router will received the same route from customer AS. We need create two separate routing policies between two neighbor, make sure that incoming and outgoing traffic in two physical circiut separate.
Many thanks.
04-16-2006 07:15 PM
Hi Mate,
Just to prove to you that this is possible, I simulated this setup in my lab. There are 2 routers, with 2 links between them and eBGP configured over each of these links:
Router 1
--------
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.7.1.2 remote-as 200
neighbor 10.8.1.2 remote-as 200
no auto-summary
Router1#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.7.1.2 4 200 5 5 19 0 0 00:00:13 15
10.8.1.2 4 200 5 5 19 0 0 00:00:11 15
Router1#
Router 2
--------
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 10.7.1.1 remote-as 100
neighbor 10.8.1.1 remote-as 100
Router2#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.7.1.1 4 100 5 5 391 0 0 00:00:52 0
10.8.1.1 4 100 5 5 391 0 0 00:00:50 0
Router2#
Paresh
04-16-2006 07:24 PM
Hi friend,
This configuration tested by myself.
But i wonder about policies will be applyed in two neighbors.
With MP-BGP it could be done but in BGPv4 i'm not sure.
But in this week, i will test with my customer and i hope that i will send a good infor to you.
Regard,
04-16-2006 07:44 PM
Hi,
While I have been trying to say that this config is certainly possible, I have to re-iterate my earlier warning to you about such a setup:
It does not make sense to run 2 separate eBGP sessions and then apply different policies to each of them. The reason is that the routes learned over both sessions will end up in the same BGP table. Let's take an example, say you apply an inbound policy on one session that filters out the 10.1.1.0/24 network. On the other session, you apply an inbound policy that does not filter out that network. The end result will be that the 10.1.1.0/24 route will appear in the BGP table, even though it was rejected by the first filter.
Unless you are planning to use Multi-VRF or are running BGP for different address-families on each session, then the setup is not going to work.
Paresh
04-16-2006 08:56 PM
Hi,
This is my configuration:
interface Serial7/1/0
ip address 203.113.157.245 255.255.255.252
framing g751
dsu bandwidth 34010
Interface VLAN 7
ip address 203.113.158.153 255.255.255.248
ip policy route-map QTSC-HighPriority-vn
router bgp 7552
neighbor 202.78.224.41 remote-as 24085
neighbor 202.78.224.41 ebgp-multihop 255
neighbor 202.78.224.41 version 4
neighbor 202.78.224.41 remove-private-AS
neighbor 202.78.224.41 route-map PMQT-CUSTOMER in
neighbor 202.78.224.41 route-map PMQT-CUSTOMER-OUT out
neighbor 203.113.158.158 remote-as 24085
neighbor 203.113.158.158 version 4
neighbor 203.113.158.158 remove-private-AS
neighbor 203.113.158.158 route-map PMQT-CUSTOMER in
neighbor 203.113.158.158 route-map QTSC-PEER-OUT in
*/ as-path use for advetise to AS 24085, apply for second physical interface
ip as-path access-list 12 permit _24085$
ip as-path access-list 15 permit ^23962 18403$
ip as-path access-list 15 permit ^23962 7643$
ip as-path access-list 15 permit ^23962 24066$
*/ All IP address receive from peering AS 23692, use for route-map
access-list 3 permit 58.186.0.0 0.1.255.255
access-list 3 permit 125.214.0.0 0.0.63.255
access-list 3 permit 202.6.2.0 0.0.0.255
access-list 3 permit 202.6.96.0 0.0.1.255
access-list 3 permit 202.47.142.0 0.0.0.255
access-list 3 permit 202.151.160.0 0.0.15.255
access-list 3 permit 203.77.178.0 0.0.0.255
access-list 3 permit 203.119.8.0 0.0.3.255
access-list 3 permit 203.128.240.0 0.0.7.255
access-list 3 permit 203.160.0.0 0.0.127.255
access-list 3 permit 203.162.0.0 0.0.255.255
access-list 3 permit 203.190.160.0 0.0.15.255
access-list 3 permit 203.210.128.0 0.0.127.255
access-list 3 permit 210.245.0.0 0.0.127.255
access-list 3 permit 221.121.0.0 0.0.63.255
access-list 3 permit 221.132.0.0 0.0.63.255
access-list 3 permit 221.133.0.0 0.0.31.255
access-list 3 permit 222.252.0.0 0.1.255.255
access-list 3 permit 222.255.0.0 0.0.255.255
access-list 3 permit 202.134.16.0 0.0.7.255
access-list 3 permit 220.231.64.0 0.0.63.255
access-list 3 permit 203.113.128.0 0.0.63.255
access-list 3 permit 125.234.0.0 0.1.255.255
access-list 3 permit 202.78.224.0 0.0.7.255
deny ip any any
*/ Route-map policies apply for the second physical interface permit any traffic receice in AS 23692
route-map QTSC-HighPriority-vn permit 10
match ip address 3
set ip next-hop 203.113.158.158
set metric 33333
route-map QTSC-HighPriority-vn permit 20
set ip next-hop 202.78.224.41
*/ Advertise to customer AS 24085, permit only traffic with destination received by AS 23692
route-map QTSC-PEER-OUT permit 100
match ip address prefix-list AllowToVNNIX
!
route-map QTSC-PEER-OUT permit 110
match as-path 15
!
route-map QTSC-PEER-OUT permit 120
match as-path 18
!
route-map QTSC-PEER-OUT deny 150
*/ Advertise to customer Internet, permit only traffic from Internet go though this link which policies apply
route-map PMQT-CUSTOMER-OUT deny 100
match ip address prefix-list AllowToVNNIX
!
route-map PMQT-CUSTOMER-OUT deny 110
match as-path 15
!
route-map PMQT-CUSTOMER-OUT deny 120
match as-path 18
!
route-map PMQT-CUSTOMER-OUT permit 150
!
*/ receive only routing from AS 24085
route-map PMQT-CUSTOMER permit 100
match as-path 12
!
route-map PMQT-CUSTOMER deny 150
04-16-2006 10:01 PM
Alright mate, I've had a pretty close look at your config and I am thinking that it will work okay. Since the next-hop of eBGP-learned routes is the peering address used for the peer from which the routes were learned, the customer router in AS 24085 will use the first link for all Internet traffic and the second link for traffic to the other ASs directly connected to AS 7552.
So on the face of it, I can't seem to see any problems with what you are proposing.
Pls do remember to rate posts.
Paresh
09-19-2022 12:24 AM
I have ISP with same private AS Number as mine,
I have a question, Can I form eBGP neighbourship with that neighbour?
How to configure it? what route filtering I need to do at my end?
09-19-2022 07:39 AM - edited 09-19-2022 07:39 AM
Hi @Ketan Ukani ,
It is not possible to establish an ebgp session with your ISP, if both sides use the same ASN. You will need to change the ASN on your side or ask the ISP to change the ASN on his side.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide