BGP - Outbound Traffic Manipulation

bobby0110
Level 1

We have a pretty typical set up for BGP, 2 routers, each connected to a different ISP.

There is iBGP running between the internal routers as well on a dedicated interface and HSRP on the inside interface.

To control outbound traffic, we have a local preference set on one of the inbound default routes. Through iBGP, this default route also gets advertised to the iBGP peer. So no matter which router gets the traffic, it will prefer one path.

We now want to introduce a new network that we want to prefer inbound and outbound over the other link, to do some load sharing. We'll use AS prepend to influence the inbound traffic.

We're trying to decide how to best manipulate the outbound traffic. If the default route for all traffic is pointing to one ISP due to the local preference, this will affect the traffic path of the new network as well. We can use policy routing to force it to use a specifc interface but I was hoping there is something we can do with the BGP configuration to manipulate things.

Any thoughts? I can provide more detail if needed.

Thanks.


fb_webuser
Level 6

Hello

The most common option is to set the LOCAL_PREF conditionally in a route-map by matching the advertised prefix. Let's say that the current preferred route is to a router advertising localpref 200.

route-map SET_LOCALPREF_300

match ip address

fb_webuser
Level 6

Hmmm....Obviously, my full response didn't make it.

route-map SET_LOCALPREF_300

match ip address

fb_webuser
Level 6

Looks like there's technical difficulties, I'm having problems including more than ca 5-6 lines of text in my answer posts...

---

Posted by WebUser Atle Ørn Hardarson

Bobby

I am not clear from your description whether this new network is another network within the interior of your network or whether it is external/outside of your network. From your mention of prepend I am assuming that the network is interior to your BGP. In that case the route map to manipulate local preference is not an effective solution (it only works for external networks). I would suggest that the best solution for you is to configure Policy Based Routing to recognize that network and to forward traffic originating from that network out the other path. You would need to configure PBR on both of the BGP routers to get this to work.

HTH

Rick


Yes, it's an interior network that needs to be forced out a particular link. I thought PBR was the way to go but wanted to be sure.

Thanks.

Using PBR with BGP risks routing loops if an ISP goes down. For example, if I force traffic to use hop A on router A (HSRP master) and router A's ISP is down, router A will be getting one default via iBGP from router B instead of from the ISP; router B will then force the traffic back to router A due to PBR.

I would pull down a full table from the ISPs if your routers can handle it and pref the routes based on the popular destinations. Or set an AS-path access list and match routes that cross tier-one ISPs and pref them half on one router and half on the other.

Josh

Here is part of what Bobby says in the original post: "We now want to introduce a new network that we want to prefer inbound and outbound over the other link, to do some load sharing."

I do not see how your solution would be effective in guiding traffic generated from the new network to go out the alternate interface.

You have identified a potential issue - and there is a solution for this. In configuring PBR there is an optional parameter on the set command to verify availability. You can use this to check availability of the ISP and only do the set when the ISP is available.

HTH

Rick

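Rick's PBR with verify-availability approach, written out as an added IOS configuration example (not from any post in this thread). It assumes the new interior network is 192.0.2.0/24 behind the inside/HSRP interface Gi0/1, the ISP-A next hop is 203.0.113.1 on router A's Gi0/0, router B reaches router A over the iBGP link at 10.0.0.1 via its Gi0/2, and router B has a route to the ISP-A link subnet through router A (e.g. the connected subnet is carried in the IGP); all names and addresses are placeholders.

```cisco
! ---- Router A (peers with ISP-A, the link the new network should prefer) ----
! Probe the ISP-A next hop. If it stops answering, track 1 goes down, the
! PBR set is skipped, and traffic falls back to normal routing (the default
! learned via iBGP from router B).
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Match only traffic sourced from the new network; this is the "source"
! selector that a route-map on BGP updates cannot express.
ip access-list extended NEWNET-SRC
 permit ip 192.0.2.0 0.0.0.255 any
!
route-map PBR-NEWNET permit 10
 match ip address NEWNET-SRC
 set ip next-hop verify-availability 203.0.113.1 10 track 1
!
interface GigabitEthernet0/1
 description inside / HSRP interface
 ip policy route-map PBR-NEWNET
!
! ---- Router B (peers with ISP-B, HSRP standby) ----
! Steer the new network towards router A over the iBGP link, but only while
! the ISP-A next hop is reachable through router A. If that probe fails the
! set is skipped and the traffic leaves via router B's own ISP-B default
! instead of bouncing back to router A (the loop Josh describes).
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
ip access-list extended NEWNET-SRC
 permit ip 192.0.2.0 0.0.0.255 any
!
route-map PBR-NEWNET permit 10
 match ip address NEWNET-SRC
 set ip next-hop verify-availability 10.0.0.1 10 track 1
!
interface GigabitEthernet0/1
 ip policy route-map PBR-NEWNET
```

Probing only the adjacent next hop detects a dead link but not a failure further upstream; pointing the icmp-echo at a stable address beyond the ISP's edge catches some of those cases too.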

IP SLA will work when monitoring the next hop but will not protect you from upstream problems. For example, one time I worked with a tier 3 ISP that was using two tier-one upstreams. The ISP never did a RADB update, which upstream #1 uses to update their inbound filters. As a result, when upstream #2 dropped on the ISP side, our announcement was isolated on that ISP's network because upstream #1 was filtering it out. Forcing the route would have caused that traffic to be sent into that ISP and black-holed if it needed to be routed past their AS. Monitoring did not even catch this. We did notice a significant decrease in traffic, which led us to the problem.

I always liked to use the longest prefix match to influence inbound traffic. Is your new network more than a /24? If so you can do something like this:

ISP router #1
 networks advertised: 1.1.1.0/23 and 1.1.1.0/24

ISP router #2
 networks advertised: 1.1.1.0/23 and 1.1.2.0/24

Under normal operations 1.1.1.0/24 will come in via ISP #1 and 1.1.2.0/24 will come in via ISP #2.

You can then get a full table in and local pref the "interesting" routes accordingly. 

That is my suggestion to keep things simple.  I have encountered a lot of problems like the one above, more so than the next hop going down.

Josh

We can agree that sending traffic through the Internet can get quite complex and that there are many potential problems. All of the solutions that you have suggested are focused on what is advertised out and so controls traffic inbound to Bobby's network. Bobby was quite clear that part of the objective is to control traffic generated from this new network and to forward that traffic out the other link. What kind of solution would you offer to Bobby for control of outbound traffic if you think that PBR and IP SLA are so problematic?

HTH

Rick


Rick,

I would take down a full table on each edge router. Mark the destination on the edge router you want the traffic to go via local pref. Exchange the full tables in your iBGP mesh.

For example, if you want traffic destined for 1.1.1.0/24 to go out rtr-1 connected to ISP-1, and traffic for 2.2.2.0/24 to go out ISP-2 on rtr-2. rtr-2 and rtr-1 would be iBGP neighbors. See config below.

If prefixes don't work you can match a community string, an AS-path ACL, or any of the attributes BGP gives you.

rtr-1 config:

router bgp 1
 network ......
 ! neighbor address elided in the original post; the route-map applies inbound
 neighbor <isp-1-peer-ip> route-map isp-1-in in
!
ip prefix-list ISP-1 permit 1.1.1.0/24
! martian prefixes elided in the original post
ip prefix-list martian permit
!
route-map isp-1-in deny 5
 match ip address prefix-list martian
route-map isp-1-in permit 10
 match ip address prefix-list ISP-1
 set local-preference 120
route-map isp-1-in permit 20

rtr-2 config:

router bgp 1
 network ......
 ! neighbor address elided in the original post; the route-map applies inbound
 neighbor <isp-2-peer-ip> route-map isp-2-in in
!
ip prefix-list ISP-2 permit 2.2.2.0/24
! martian prefixes elided in the original post
ip prefix-list martian permit
!
route-map isp-2-in deny 5
 match ip address prefix-list martian
route-map isp-2-in permit 10
 match ip address prefix-list ISP-2
 set local-preference 120
! the original post had "isp-1-in" here, which would leave isp-2-in without a catch-all clause
route-map isp-2-in permit 20

Can you explain how IP SLA can protect you against upstream problems like the one I mentioned above? I run into this type of thing all the time. It has also been my experience that SLA does not "fail back" when the ISP comes back online, causing a loop. I would be interested to know your experience with SLA or some other type of thing that can protect us from these types of issues. That way I would not need a high-end edge router for full tables and could come in at a lower cost.

Josh

Once again you focus on a solution using BGP advertisements which is very effective in controlling inbound traffic. Since Bobby also has a requirement to control outbound traffic I would very much like to know what you would suggest.

I do not know about your experience but I have implemented IP SLA with PBR (verify availability) on a customer 2851 router and it worked well. It would fail over if there was a problem and would fail back when the problem was resolved.

HTH

Rick


Rick,

I don't understand how you are saying it is not controlling outbound traffic? I am matching inbound routes from the provider in a full table. When traffic is headed outbound it will match an inbound route received from the provider.

I agree to disagree with you about our theories behind PBR with BGP. Hopefully Bobby can weigh both of our opinions and pick the best option. Regards.

Josh,

1. It's not recommended to pull the Internet table, as customers do not always have routers which can handle that.

2. In your config, where does it talk about the source from the internal network? Let's say my internal networks are 10.10.10.0/24 and 192.168.1.0/24. According to your configuration you are not specifying any source, which means that any traffic from both internal networks will go through either ISP1 or ISP2 as per your config.

However, Bobby is saying that he has a network that he wants to use for both outbound and inbound, which, as Rick and Bobby have rightly mentioned, PBR can do.

Can you show me where in your config you have mentioned coming from a source internal network?

Kishore

Bobby -

Can you draw up a quick doc on this setup and post it? I am trying to accomplish something similar and need some topology design ideas to work with.
