I am getting the full internet routing table from ISP-1 and just a default route from ISP-2. (Both ISP connections are terminated on the one central site router.) What I am trying to do is make the ISP-2 connection a complete backup for inbound traffic. To achieve that, I am trying to use a BGP conditional advertisement configuration. I have got a problem with the NON-EXIST route-map's access-list. In the NON-EXIST route-map I am using the commands written below:
ip as-path access-list 1 permit ^200 !!! (ISP-1 AS number) !!!
access-list 65 permit any !!! (permit any prefix from ISP-2) !!!
route-map NON-EXIST permit 10 !!! (this matches any route from AS 200) !!!
 match ip address 65
 match as-path 1
router bgp 10 !!! (my AS number) !!!
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST !!! (X.Y.Z.W is the ISP-2 IP address. What it says: this router will only advertise the "networks defined in the route-map named ADVERTISE" if and only if the "routes that are defined in the route-map named NON-EXIST" do not appear in the BGP routing table.) !!!
With this configuration, when the ISP-1 connection is up, my router still advertises my subnet to ISP-2. What should I write in access-list 65 so that my subnet is not advertised to ISP-2 until the ISP-1 connection fails? (As I said, I am getting the full internet table from ISP-1.)
In the attached router's configuration, the
access-list 65 permit 172.16.1.0 0.0.0.255
command is used, and with this command BGP conditional advertisement works fine.
But when I use the
access-list 65 permit any
command, the conditional advertisement doesn't work.
"The prefix tracked by the BGP speaker must be present in the IP routing table for the conditional advertisement not to take place."
I'm afraid this is not fulfilled if you put "ip permit any" into your access-list 65.
You need to choose a particular prefix to track.
As Milan indicated, you need to track a specific route for the conditional advertisement to work. My suggestion would be to change ISP1 to only receive the default, which is sufficient as you want to implement a primary and backup scenario. You can then set the non-exist map to track the default route and the AS path coming from ISP1, which should give you what you need. Receiving the full routing table from ISP1 does not add any value in your scenario and consumes far more memory.
Sorry, I meant change ISP1 to only send the default route.
In the future, it is possible that some filtering or some other custom configs will be configured; that's why one of the ISPs is sending a full route table, and that's not going to be changed.
In this kind of setup, which prefix should I trust from ISP-1 for the non-exist route-map's access-list? I have tried to use the subnet between ISP-1 and the multihoming router, but with no success.
In this case, I would recommend tracking a couple of root DNS subnets, as these are highly reliable subnets. This can be done by changing your ACL as follows:
access-list 20 permit 126.96.36.199 0.0.0.255 /* a.root-servers.net */
access-list 20 permit 188.8.131.52 0.0.0.255 /* b.root-servers.net */
access-list 20 permit 184.108.40.206 0.0.0.255 /* c.root-servers.net */
access-list 20 permit 220.127.116.11 0.0.255.255 /* d.root-servers.net */
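As an added example (not the poster's attached configuration or any of the replies' code), here is a complete conditional-advertisement setup in the shape discussed in this thread: the NON-EXIST map tracks one specific prefix learned from ISP-1 (AS 200, from the thread) instead of "permit any", and the ADVERTISE map names the customer subnet to send toward ISP-2. The prefixes 192.0.2.0/24 and 203.0.113.0/24 and the ISP-2 AS number 300 are placeholders; the ISP-2 neighbor X.Y.Z.W and local AS 10 are taken from the question.

```cisco
! Added example configuration, not taken from the thread.
! Placeholders:
!   192.0.2.0/24   - our own subnet to advertise to ISP-2 (placeholder)
!   203.0.113.0/24 - a stable prefix learned from ISP-1 that we track (placeholder)
!   300            - ISP-2 AS number (placeholder, not given in the thread)
!
! The tracked prefix must be a specific route. An ACL that permits any
! prefix gives the BGP speaker no single route to watch, which is why the
! thread's "access-list 65 permit any" variant never withdrew the subnet.
ip prefix-list TRACKED-FROM-ISP1 seq 5 permit 203.0.113.0/24
ip prefix-list OUR-SUBNET seq 5 permit 192.0.2.0/24
!
! ^200_ matches paths starting with AS 200 only; the thread's ^200 would
! also match AS 2001, 20034, etc.
ip as-path access-list 1 permit ^200_
!
! NON-EXIST matches only while the tracked prefix is present via ISP-1.
! Both match clauses must be true for the route-map entry to match.
route-map NON-EXIST permit 10
 match ip address prefix-list TRACKED-FROM-ISP1
 match as-path 1
!
! ADVERTISE selects what is sent to ISP-2 once NON-EXIST has no matching route.
route-map ADVERTISE permit 10
 match ip address prefix-list OUR-SUBNET
!
router bgp 10
 network 192.0.2.0 mask 255.255.255.0
 neighbor X.Y.Z.W remote-as 300
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST
```

The current state of the condition can be checked with "show ip bgp neighbors X.Y.Z.W", which reports the condition-map, the advertise-map and whether the status is Withdraw or Advertise; with ISP-1 up and the tracked prefix present, the status should read Withdraw.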