BGP and as-path prepend to influence inbound traffic

gasparmenendez
Level 3

Hi folks,

I have been running multihoming BGP with 2 ISPs for a while now, with a very simple configuration. Here are the relevant parts:

 

interface TenGigabitEthernet0/0/0
 description *** ISP Level3 ***
 ip address 208.X.X.182 255.255.255.252
!
interface TenGigabitEthernet0/0/1
 description *** ISP Metrocarrier ***
 ip address 187.Y.Y.113 255.255.255.254
 shutdown
!
router bgp 2???25
 bgp log-neighbor-changes
 network Z.Z.240.0 mask 255.255.252.0
 network Z.Z.240.0 mask 255.255.254.0
 network Z.Z.242.0 mask 255.255.254.0
 neighbor 187.Y.Y.112 remote-as 13999
 neighbor 187.Y.Y.112 password 7 ********************
 neighbor 187.Y.Y.112 route-map MC out
 neighbor 208.X.X.181 remote-as 3549
 neighbor 208.X.X.181 password 7 ********************
 neighbor 208.X.X.181 route-map L3 out
!

ip route Z.Z.240.0 255.255.252.0 Null0
ip route Z.Z.240.0 255.255.254.0 Null0
!
ip prefix-list L3 seq 10 permit Z.Z.240.0/22
ip prefix-list L3 seq 15 deny 0.0.0.0/0
!
ip prefix-list MC seq 10 permit Z.Z.240.0/23 le 27
ip prefix-list MC seq 20 permit Z.Z.242.0/23 le 27
ip prefix-list MC seq 30 deny 0.0.0.0/0
!
route-map MC permit 10
 match ip address prefix-list MC
!
route-map L3 permit 10
 match ip address prefix-list L3
!

So far so good. As you can see, I have interface TenGigabitEthernet0/0/1 shut down in order to force inbound traffic to come through the ISP connected to interface TenGigabitEthernet0/0/0. Obviously automatic failover is not working: when ISP Level3 goes down I need to manually bring interface TenGigabitEthernet0/0/1 up. In order to solve this I've been reading the BGP documentation and I think I can use the as-path prepend command to influence the inbound traffic, but I understand that I cannot use two route-maps on the same neighbor, is that correct? How can I achieve my goal? Can anybody help me please? Or is the best way to ask my ISP to AS-prepend my block to the other ISPs?

Thanks. BR.

20 Replies

chrihussey
VIP Alumni

Hello,

1- It is unclear to me why the prefix lists don't match. I do not believe you are properly advertising your routes to L3 with the one you have configured. Check with "show ip bgp nei 208.X.X.182 advertised-routes".

2- Instead of using a route map to apply the prefix list for advertising to both neighbors, simply use the "neighbor x.x.x.x prefix-list (name) out"

3- Once you have done this you can prepend to the ISPs using a route-map.

 

Hope this helps

I'm getting this:

Contencion1001-X#sh ip bgp neighbors 208.Z.Z.181 advertised-routes
BGP table version is 23562466, local router ID is 208.Z.Z.182
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network              Next Hop            Metric LocPrf Weight Path
 *>  Z.Z.240.0/22     0.0.0.0                  0         32768 i

Total number of prefixes 1
Contencion1001-X#

Don't know if that helps. I'll try what you suggest. I forgot to mention that this equipment is in production, so is there any chance of an outage?

Thanks.

Hi,

 

Try the following. Note that you will need to advertise the /22 prefix out of both links; otherwise the longer /23 prefixes advertised out of TenGig0/0/1 will be preferred regardless of the configured as-path length.

 

router bgp 2???25
 bgp log-neighbor-changes
 network Z.Z.240.0 mask 255.255.252.0
 neighbor 187.Y.Y.112 remote-as 13999
 neighbor 187.Y.Y.112 password 7 ********************
 neighbor 187.Y.Y.112 route-map MC out
 neighbor 208.X.X.181 remote-as 3549
 neighbor 208.X.X.181 password 7 ********************
 neighbor 208.X.X.181 route-map L3 out
!
ip prefix-list PREFIX1 seq 10 permit Z.Z.240.0/22
!
route-map MC permit 10
 match ip address prefix-list PREFIX1
 set as-path prepend 2???25 2???25 2???25
!
route-map L3 permit 10
 match ip address prefix-list PREFIX1

Hello @willwetherman, sorry for the delay. Just today I had the chance to safely apply what you suggested, but guess what? It half worked. Now with both interfaces up, some amount of traffic is coming through Tgi0/0/0 and the rest through Tgi0/0/1, and I don't know based on what criteria. Any idea why?

Thanks a lot in advance.

Sorry for asking, but maybe I should open a new thread because this one is too old?

Where are you seeing the traffic irregularity, inbound or outbound? Can you post your configs?

Thanks

The irregularity is in inbound traffic. One funny thing (or one that I don't understand) is that my inbound traffic is approx. 3.5 Gbps in total, and of that amount, approx. 2 Gbps is coming through Tgig0/0/1 and the rest (approx. 1.5 Gbps) is coming through Tgig0/0/0. My configs are:

 

router bgp 2???25
 bgp log-neighbor-changes
 network Z.Z.240.0 mask 255.255.252.0
 neighbor 187.Y.Y.112 remote-as 13999
 neighbor 187.Y.Y.112 password 7 ********************
 neighbor 187.Y.Y.112 route-map MC out
 neighbor 208.X.X.181 remote-as 3549
 neighbor 208.X.X.181 password 7 ********************
 neighbor 208.X.X.181 route-map L3 out
!
ip prefix-list PREFIX1 seq 10 permit Z.Z.240.0/22
!
route-map MC permit 10
 match ip address prefix-list PREFIX1
 set as-path prepend 2???25 2???25 2???25
!
route-map L3 permit 10
 match ip address prefix-list PREFIX1

Thanks!!

Can you check some looking glass sites to see if you are advertising with the as-path prepending?

https://us.ntt.net/support/looking-glass/

http://lookingglass.level3.net/

http://lg.evolink.net/

https://www.sprint.net/lg/lg_start.php

 

 

I think I am, because before using the as-path prepending my whole inbound traffic was coming through Tgig0/0/1; at least now it's split. Let me check with looking glass and get back here.

Here it is:

Captura de pantalla de 2018-03-20 14-11-08.png

Well that's good. And if you do "show ip bgp neighbor advertised-routes" the advertisements are identical and just the /22?

Yes they are. Look here:

Sin nombre.png

Well it certainly looks like you are doing everything right. Tough to say why you are seeing what you are.

1- Slight chance there are users on or behind AS13999 that still prefer that path. You could try prepending an additional two or three more times.

2- Perform trace routes from various looking glass sites to see if any choose AS13999 as opposed to L3. That may help identify what is happening.

3- Check some of the larger ISP looking glass sites (Sprint, Time Warner, Cogent, etc) to see which AS they are preferring. It may be filtered to larger providers.

Like I said, it looks like you are doing everything right. It might be the result of other providers.

 

OK, I'm going to prepend 3 more times to see what happens. If nothing changes then I'm going to explore the other options, just to be sure that it is a thing with my providers. Anyway, I think in the end I can advertise two /23s to L3 and all my inbound traffic should come through it, right?
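
Added example, not part of any post in the thread: a small Python model of how a remote AS chooses the ingress ISP, covering both the note that the /23s win regardless of AS-path length and the closing question about advertising two /23s to L3. Assumptions: 10.0.240.0/22 and AS 64500 are constructed stand-ins for the redacted prefix and local AS, the remote AS has received every listed route, and best-path selection is reduced to local preference followed by AS-path length.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-ins: 10.0.240.0/22 for the redacted Z.Z.240.0/22 and
# AS 64500 for the redacted local AS. 3549 and 13999 are the ISP ASNs in the thread.
MY_AS, L3, MC = 64500, 3549, 13999
Route = namedtuple("Route", "prefix isp as_path local_pref")

def route(prefix, isp, prepends=0, local_pref=100):
    """A route as a remote AS sees it; local_pref is that AS's own policy."""
    path = (isp,) + (MY_AS,) * (1 + prepends)
    return Route(ipaddress.ip_network(prefix), isp, path, local_pref)

def ingress_isp(routes, dst):
    """ISP through which a remote AS holding `routes` delivers traffic for dst."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in routes if addr in r.prefix]
    longest = max(r.prefix.prefixlen for r in covering)
    # Forwarding picks the longest matching prefix first; BGP attributes only
    # break ties between paths for that same prefix.
    candidates = [r for r in covering if r.prefix.prefixlen == longest]
    # Best path: higher local preference, then shorter AS path.
    return max(candidates, key=lambda r: (r.local_pref, -len(r.as_path))).isp

def scenarios(dst="10.0.241.7"):
    p22, p23a, p23b = "10.0.240.0/22", "10.0.240.0/23", "10.0.242.0/23"
    return {
        # Original config with both links up: /22 to L3, two /23s to MC.
        "original": ingress_isp(
            [route(p22, L3), route(p23a, MC), route(p23b, MC)], dst),
        # Suggested config: same /22 to both, prepended three times toward MC.
        "prepend": ingress_isp(
            [route(p22, L3), route(p22, MC, prepends=3)], dst),
        # A network whose policy sets a higher local preference on routes
        # learned from AS13999 ignores the longer AS path.
        "prepend_vs_local_pref": ingress_isp(
            [route(p22, L3), route(p22, MC, prepends=3, local_pref=200)], dst),
        # Two /23s to L3 only, /22 still to both: the more-specifics win again.
        "more_specifics_via_l3": ingress_isp(
            [route(p22, L3), route(p23a, L3), route(p23b, L3),
             route(p22, MC, prepends=3, local_pref=200)], dst),
    }

if __name__ == "__main__":
    for name, isp in scenarios().items():
        print(f"{name:24} -> AS{isp}")
```

In the last scenario the /22 is still advertised to both ISPs, so if the L3 session drops and the /23s are withdrawn, the prepended /22 through AS13999 remains as the failover path.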
