12-28-2009 06:30 PM - edited 03-04-2019 07:04 AM
Hi, all
I need your input on my scenario. We have 8 sites (Site 1 - 6, Site A & Site B) which are connected to the AT&T cloud with BGP running; we manage our CE router. Site A & Site B also have Internet connections from local providers, and these 2 sites (Site A & Site B) are generating a route zero through the AT&T BGP network for Site 1 - 6 as an Internet gateway. Currently Site 1 - 6 are pointing to Site A as the Internet gateway.
My question: is there any method to control this so that Site 1 - 3 access the Internet through Site A and Site 4 - 6 access the Internet through Site B, without involving the AT&T PE routers?
I appreciate any ideas.
Thanks
Kan
12-28-2009 06:45 PM
I am not sure whether using a BGP community will work or not. Does anyone have experience with this?
Thanks
12-28-2009 06:47 PM
Assuming all routers are Cisco routers, you can have sites 1-3 give Site A's 0.0.0.0/0 a higher WEIGHT value, and sites 4-6 give Site B's 0.0.0.0/0 a higher WEIGHT value.
Here is an example of WEIGHT:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#weight
Regards,
jerry
12-28-2009 09:12 PM
Hi,
From your description, it appears that you have L3 MPLS service from AT&T (i.e., the BGP neighborship will be between your CE and the AT&T PE). In that case, as the AT&T PEs are also involved in the routing decision, you cannot natively have specific sites select one gateway and the others use the other one. A few options I can think of are below:
1) You may need to have a tunnel configured between Sites 1 to 3 and Site A, and between Sites 4-6 and Site B, and point the static default route to this tunnel. The BGP default route will take care of redundancy.
2) Configure iBGP between Sites 1-6 and Site A and Site B in a way that each site will have a neighborship with Site A and Site B. Configure Site A and Site B to advertise the default route to all sites. Now tweak attributes like WEIGHT to select the best path and have the other as redundancy.
3) The other option is to involve the AT&T PE and tweak the attribute/routing decision, which I am not sure they will agree to.
HTH,
Nagendra
12-29-2009 02:23 AM
Hello Nagendra,
I agree this is the likely scenario.
If so, the service provider routers are involved in routing.
Note that the actual AS number used at the sites can be the same or different, because the provider can use as-override or other functions to make the sites communicate even if the AS is the same.
Cooperation with the provider, if they agree, may allow the use of BGP communities set on the two default routes.
Then the PE routers could increase the local preference of one route with a specific BGP community attribute, so that the connected VRF site will use a specific Internet exit point.
In this case a route-map should be applied inbound on the VPNv4 sessions of the PE with its route reflector servers to increase local preference or to provide a weight.
Without these BGP settings, the best IGP metric in the SP network to the other PE node (the one originating the default route in VPNv4) is used in choosing a best path; CE nodes receive only one default route after the PE has made its choice.
Hope to help
Giuseppe
12-29-2009 12:51 AM
Hi,
If I understand correctly, both sites A and B are advertising the default route via BGP to your corporate network?
If site A is using a different AS number than site B, I'd try the following:
Configure an incoming BGP route-map on sites 1 - 3 setting a high local preference for default route originated from A (should use one AS number) and not changing other prefixes.
Configure an incoming BGP route-map on sites 4 - 6 setting a high local preference for default route originated from B (should use another AS number) and not changing other prefixes.
(See https://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1020124
you'd need a little more complicated route-map.)
This way sites 1-3 would use A as a gateway to the Internet and sites 4 - 6 would use B.
If one of A, B sites fails, all sites 1 - 6 would use the alive A,B site to access the Internet.
HTH,
Milan
12-29-2009 12:52 AM
Are Site A and Site B using the same AS number or different ones?
If they are different, you can do it by using a route-map with an AS-path list.
For example, let's say Site A is in AS 10; you can do this config in sites 1 - 3 as you wanted:
ip as-path access-list 1 permit _10$
or
ip as-path access-list 1 permit _10_
route-map AS10
match as-path 1
set weight 150
! you can use local preference as well here
router bgp xx
neighbor x.x.x.x route-map AS10 in
If Site A and B are in the same AS number, you can use a community list to mark your traffic with that community.
For example, in Site A:
Create a route-map:
route-map map1
set community 1:00 (any numbers)
router bgp xx
neighbor x.x.x.x default-originate route-map map1
neighbor x.x.x.x send-community
In the remote sites (those that need to prefer this route through Site A) you will do the same idea as above, but instead of matching the AS path you will match the community number:
ip community-list 1 permit 1:00
route-map AS10
match community 1
set weight 150
router bgp xx
neighbor x.x.x.x route-map AS10 in
But you need to coordinate with your ISP to make sure they pass your community throughout their SP network, especially from their PE to your CE routers; if not, you will not see the community numbers.
For Site B and the other CE routers the same idea can be done.
Good luck.
If helpful, rate.
12-29-2009 01:17 AM
Hi,
I'd improve your route-map slightly:
ip prefix-list default-only seq 5 permit 0.0.0.0/0
route-map AS10 permit 10
match as-path 1
match ip address prefix-list default-only
set local-preference 150
route-map AS10 permit 20
This way it would set higher local preference of the default route ONLY (not for all the prefixes coming from AS 10).
Without the "route-map AS10 permit 20" line the incoming BGP route-map would deny all prefixes not-matching the previous conditions.
BR,
Milan
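Added example (not code from any poster in this thread): a small Python model of the inbound route-map in the post above, showing what the empty `permit 20` clause changes and what happens when only one default route reaches the CE. AS 20 for Site B, provider AS 65000, the sample updates and the simplified best-path rule (local preference, then AS-path length) are assumptions.

```python
import re

DEFAULT = "0.0.0.0/0"

def cisco_aspath_regex(expr):
    # In IOS AS-path regexes "_" matches a delimiter: start, end, space, comma, brace.
    return re.compile(expr.replace("_", r"(?:^|$|[ ,{}()])"))

def apply_route_map(clauses, route):
    """Return the route after an inbound route-map, or None if it is denied.
    A route that matches no clause hits the implicit deny at the end."""
    for clause in clauses:
        as_ok = "as_path" not in clause or clause["as_path"].search(route["as_path"])
        pfx_ok = "prefix" not in clause or clause["prefix"] == route["prefix"]
        if as_ok and pfx_ok:
            return {**route, **clause.get("set", {})}
    return None

def best_path(routes, prefix):
    """Simplified selection: highest local preference, then shortest AS path."""
    cands = [r for r in routes if r and r["prefix"] == prefix]
    if not cands:
        return None
    return max(cands, key=lambda r: (r["local_pref"], -len(r["as_path"].split())))

# route-map AS10 permit 10: default route originated by AS 10 gets local-pref 150
CLAUSE_10 = {"as_path": cisco_aspath_regex("_10$"), "prefix": DEFAULT,
             "set": {"local_pref": 150}}
CLAUSE_20 = {}                      # route-map AS10 permit 20: match all, set nothing
FULL_MAP = [CLAUSE_10, CLAUSE_20]
NO_PERMIT_20 = [CLAUSE_10]

# Constructed updates as seen on a Site 1-3 CE (65000 = provider AS, 20 = Site B).
RECEIVED = [
    {"prefix": DEFAULT, "as_path": "65000 10", "local_pref": 100, "via": "A"},
    {"prefix": DEFAULT, "as_path": "65000 20", "local_pref": 100, "via": "B"},
    {"prefix": "10.1.0.0/16", "as_path": "65000 10", "local_pref": 100, "via": "A"},
]

def rib_after(clauses, received):
    return [apply_route_map(clauses, r) for r in received]

if __name__ == "__main__":
    print(best_path(rib_after(FULL_MAP, RECEIVED), DEFAULT))          # via A
    print(best_path(rib_after(FULL_MAP, RECEIVED[1:]), DEFAULT))      # only B received
    print(best_path(rib_after(NO_PERMIT_20, RECEIVED[1:]), DEFAULT))  # None: no failover
```

Without the second clause the implicit deny also drops Site B's default route, so the CE has no fallback when Site A's default is withdrawn.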
12-29-2009 02:01 AM
Thanks all of your input.
Kan
12-29-2009 04:21 AM
Thank you, Milan.
This is the way I was suggesting, but because I was thinking and writing I forgot the prefix list and the second sequence of the route-map.
Anyway, I wish the ideas we suggested will be helpful.
Kan, please rate the helpful posts to let others know, when they search, which solution or solutions helped you.
Thank you.
01-10-2010 11:25 PM
Hi Guys,
I think this is an L3 MPLS VPN by AT&T. In that case the PE routers are also participating in the routing.
Even if routers A and B are advertising the default route, it will get filtered in the service provider cloud using the normal BGP route selection algorithm, and only the best path will be advertised to sites 1-6.
In that case this policy map will not work.
01-11-2010 01:35 AM
Hi,
You are correct, good point :-(
But using different route distinguishers in A and B, the provider should be able to get both default routes to the site 1-6's PEs.
And it might be possible to ask the provider to configure the suggested route-map to apply on the proper VRF?
BR,
Milan